How is a stratum connection secured?

3

1

Does stratum mining use something similar to "https" to secure traffic between the pool and the miners?

stone.212

Posted 2017-12-06T06:15:59.873

Reputation: 173

Answers

3

No, all traffic is plaintext. The connections are hijackable and attacks against this have occurred in the past where ISPs redirected hashrate to themselves.

Anonymous

Posted 2017-12-06T06:15:59.873

Reputation: 10 054

Really? So there is no way to have username/password logins for the stratum miners either, I guess (if it's all plaintext). - stone.212 2017-12-07T04:05:59.093

They have logins, but it’s all in plaintext so can be stolen by observers or redirected. - Anonymous 2017-12-07T04:26:17.287

Oh. Do you know a more secure mining method for pools? And how many miners can that method handle on one pool? - stone.212 2017-12-07T05:01:44.483

You can wrap a normal stratum socket (or any TCP connection) with SSL using stunnel, but this needs to be supported by the pool as well as the client. As far as I know nobody does this presently. - Anonymous 2017-12-07T05:06:24.593

Thank you, but my question was if you know a more secure (than stratum) mining method for pools, and how many miners such pools can handle. I worry about HTTP because I'm not sure if they handle https and I hear that they don't handle lots of miners at one time. - stone.212 2017-12-07T08:04:47.843

Stratum is JSON over raw TCP; there's no HTTP involved in it. There are no other protocols in use; 21.co had a binary protocol based on protobuf but there's nothing using that today. It also was not encrypted or authenticated. - Anonymous 2017-12-07T08:28:11.740

I didn't say Stratum uses HTTP. But HTTP mining is a thing that exists. I am trying to decide if using it would be preferable from a security standpoint. - stone.212 2017-12-08T07:32:25.767

HTTP-based mining hasn't existed since 2011 with getwork and getblocktemplate, which never gained any adoption. For very latency-sensitive things (i.e., mining) HTTP is a ridiculously bad choice. - Anonymous 2017-12-08T08:54:16.393

That's helpful. Some mining pool software on GitHub offers HTTP so I thought it was a viable alternative. I wonder why EthOS still requires you to specify stratum if stratum is all that's used? - stone.212 2017-12-08T10:50:16.587
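
The stunnel wrapping mentioned in the comments above, sketched as an added example that is not part of the original answer or any pool's published setup. It shows both ends, since the pool and the miner each need a tunnel; the hostname `pool.example.com`, ports 3333 and 3443, and all file paths are placeholders. The stunnel client does not verify the server certificate unless told to, so the `verifyChain` and `checkHost` lines are what stop a redirected connection from being accepted.

```ini
; ---------------------------------------------------------------
; Pool side: stunnel.conf (constructed example)
; Accept TLS from miners and hand plaintext stratum to the pool
; daemon, which listens only on loopback.
; ---------------------------------------------------------------
[stratum-tls]
; public TLS listener (placeholder port)
accept = 0.0.0.0:3443
; plaintext stratum daemon, not exposed to the network
connect = 127.0.0.1:3333
; certificate chain and private key (placeholder paths)
cert = /etc/stunnel/pool-fullchain.pem
key = /etc/stunnel/pool-key.pem
; requires a stunnel build linked against OpenSSL 1.1.0 or later
sslVersionMin = TLSv1.2

; ---------------------------------------------------------------
; Miner side: stunnel.conf (constructed example)
; The mining software connects to 127.0.0.1:3333 in plaintext;
; stunnel carries it to the pool over TLS.
; ---------------------------------------------------------------
[stratum-tls]
client = yes
; local plaintext endpoint for the mining software
accept = 127.0.0.1:3333
; pool's TLS listener (placeholder host and port)
connect = pool.example.com:3443
; Weak setting: leaving out the three lines below still encrypts,
; but any certificate is accepted, so a hijacked route can
; terminate the TLS session itself.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = pool.example.com
```

With this in place the miner is pointed at `127.0.0.1:3333` instead of the pool's address, and the worker login travels inside the TLS session rather than in the clear.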