SoloLuck

Mining over TLS: the :3334 port and when encryption matters

← back to pool

SoloLuck Blog · 2026-06-30

What the TLS port actually does

When your miner talks to a pool it speaks stratum — the protocol that carries your work assignments, your submitted shares, and the username that says where a block should pay. On the plaintext ports (:3333, :8081, :4334, :3335) that conversation travels in the clear: anything sitting between your miner and SoloLuck can read it, and in principle change it.

TLS (Transport Layer Security — the same encryption behind the padlock on https://) wraps that stratum conversation in an encrypted, tamper-evident tunnel. SoloLuck's port :3334 is exactly that: a TLS-encrypted stratum endpoint. The encryption is terminated at our edge and forwarded to a backend port, so your difficulty, vardiff, and stats behave exactly as they do on a plaintext port — the only change is that the wire between you and us is now private and integrity-checked.

In short: same mining, same payouts, same luck — just a sealed envelope instead of a postcard.

The real threat: address rewriting and hashrate theft

Encryption sounds abstract until you see what it stops. The serious risk with plaintext stratum is not someone reading your traffic — it's someone changing it in transit. This is a MITM (man-in-the-middle) attack: a device on the network path quietly sits between your miner and the pool.

Both attacks need a position on your network path. TLS shuts them down: because the tunnel is authenticated and integrity-checked, an attacker can't silently rewrite your address or reroute your shares without breaking the connection.

When it matters — and when plaintext is fine

TLS is not something you must turn on everywhere. The honest rule of thumb is to match the protection to how much you trust the network.

Plaintext is perfectly fine on a trusted home LAN — your own router, your own wiring, your own Wi-Fi. A Bitaxe or Avalon Nano on the shelf at home talks to a network you control end to end; there is no realistic man-in-the-middle, and the plaintext ports cost you nothing.

TLS matters the moment the path leaves your hands:

If you can't personally trust every hop between your miner and the pool, point it at :3334. When in doubt, encrypt — the cost is negligible.

How to connect on port 3334

Connecting over TLS is the same as any SoloLuck port, with two changes: the URL scheme and the port number. Use a TLS stratum URL:

The key detail is the scheme. Plaintext stratum uses stratum+tcp://; the encrypted version uses stratum+tcps:// — note the trailing s, just as https is the encrypted form of http. The host (stratum.sololuck.io, or the raw IP 148.230.98.87) and your username stay identical to the plaintext ports.

Everything downstream behaves normally: your difficulty is tuned by vardiff, your shares and best-share stats appear on your address page, and a block still pays the full reward straight to your own address — minus SoloLuck's 2% fee, which is charged only when you actually find a block. The pool never holds your coins; only the transport changed.

Firmware support, overhead, and what TLS won't do

The one real caveat is firmware. TLS support varies by miner. Some builds of cgminer (the mining client many ASICs run) accept the stratum+tcps:// scheme directly, and some AxeOS versions on Bitaxe-class boards do too — but support and the exact field format differ between releases. Confirm your firmware actually offers a TLS or tcps option before assuming it works. If it doesn't, stay on a plaintext port or update firmware first; a miner that silently fails to negotiate TLS will simply look offline.

The overhead is negligible. TLS adds a one-time handshake and a sliver of CPU to encrypt each message — nothing next to the work your ASIC is already doing. It won't measurably raise latency or cost you hashrate.

Finally, be clear on what TLS is for: it protects the privacy and integrity of your connection. It does not change your odds of finding a block — in solo mining your luck depends only on your hashrate versus the network difficulty. TLS keeps your traffic and your payout address safe; it doesn't make the lottery any kinder.

FAQ

Does mining over TLS improve my chances of finding a block?
No. In solo mining your odds depend only on your hashrate versus the network difficulty. TLS encrypts and protects your connection — it changes nothing about your luck or your payout amount.
Do I need TLS on my home network?
Usually not. On a trusted home LAN you control end to end, the plaintext ports are perfectly fine. TLS earns its keep on untrusted, hosted, or rental networks where someone could snoop on or tamper with your traffic.
What exactly does TLS protect against?
It stops an attacker on your network path from reading or altering your stratum traffic — most importantly a man-in-the-middle rewriting your payout address or hijacking (stealing) your hashrate. On SoloLuck your username is your payout address, so that protection is meaningful.
How do I connect to the TLS port?
Point your miner at stratum+tcps://stratum.sololuck.io:3334 — note the trailing 's' in 'tcps', the encrypted scheme — using your own Bitcoin address and an optional worker label as the username, e.g. bc1qexampleaddr….rig1.
Will TLS slow my miner down or add latency?
Not meaningfully. TLS adds a one-time handshake and a tiny bit of CPU to encrypt messages — negligible next to your ASIC's workload. Just confirm your firmware (AxeOS, cgminer, etc.) actually supports a TLS/tcps option first.

All blog posts · Mining guides · Start solo mining

Ready to take a ticket?

Paste your address and copy the config from /setup, watch the pool on /status, and check every claim on /verify. Mine to your own address — that is what makes it truly solo.

Get the setup config →

Not ready to point a miner yet? Run your gear through the odds calculator, or join Telegram for block & record alerts — no rig required.

More guides

Browse all guides →