ID: AR10K00705
Applies to: NoMachine Software
Added on: 2013-10-07
Last Update: 2024-08-22

Encryption in NoMachine

NoMachine was designed with privacy and security in mind. Whether you are connecting to your device over the internet, LAN or corporate network, all traffic between devices is always encrypted.

Encryption in the NX protocol is implemented using OpenSSL TLS/SSL. Since version 4.1, the default cipher suite is 'ECDHE-RSA-AES128-GCM-SHA256' over TLS 1.2. This suite uses the AES (Advanced Encryption Standard) block cipher with a 128-bit key in GCM (Galois/Counter Mode). RC4 is used for backward compatibility when connecting from or to NoMachine version 4.x.

(Encryption in NX protocol version 4.0 was based on a 2048-bit RSA private/public key exchange and the ECDHE-RSA-RC4-SHA cipher suite. This suite uses elliptic curve ephemeral Diffie-Hellman key exchange and the RC4 stream cipher with 128-bit (16-byte) keys for strong encryption.)
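The two suite names above can be decomposed into their primitives and checked for the legacy RC4 case. This is an added example, not NoMachine code; the function names and the restriction to names of the form KX-AUTH-CIPHER[-MODE]-HASH are assumptions of the example.

```python
# Added example (not NoMachine code): decompose OpenSSL-style TLS 1.2 suite names.
# Assumed scope: only names of the form KX-AUTH-CIPHER[-MODE]-HASH are handled.
KEY_EXCHANGES = {"ECDHE", "DHE"}   # ephemeral Diffie-Hellman variants
AUTHS = {"RSA", "ECDSA"}           # key type of the server certificate
HASHES = {"SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384"}
CIPHERS = {"AES128": ("AES", 128), "AES256": ("AES", 256), "RC4": ("RC4", 128)}
AEAD_MODES = {"GCM"}


def parse_suite(name):
    """Split a suite name into its primitives; raise ValueError if unsupported."""
    parts = name.strip().upper().split("-")
    if len(parts) not in (4, 5):
        raise ValueError(f"unsupported suite name: {name!r}")
    kx, auth, cipher_tok, digest = parts[0], parts[1], parts[2], parts[-1]
    mode_tok = parts[3] if len(parts) == 5 else None
    known = (kx in KEY_EXCHANGES and auth in AUTHS
             and cipher_tok in CIPHERS and digest in HASHES)
    if not known or (mode_tok is not None and mode_tok not in AEAD_MODES):
        raise ValueError(f"unsupported suite name: {name!r}")
    cipher, bits = CIPHERS[cipher_tok]
    if cipher == "RC4":
        if mode_tok is not None:      # a stream cipher takes no block mode
            raise ValueError(f"invalid suite name: {name!r}")
        mode = "stream"
    else:
        mode = mode_tok or "CBC"      # OpenSSL omits the mode for CBC suites
    return {
        "key_exchange": kx,
        "authentication": auth,
        "cipher": cipher,
        "key_bits": bits,
        "mode": mode,
        "aead": mode in AEAD_MODES,   # GCM authenticates the data itself
        "hash": HASHES[digest],       # HMAC hash, or the PRF hash for AEAD
    }


def legacy_suites(names):
    """Return the suites that use RC4, which RFC 7465 prohibits in TLS."""
    return [n for n in names if parse_suite(n)["cipher"] == "RC4"]


if __name__ == "__main__":
    for suite in ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-RC4-SHA"):
        print(suite, parse_suite(suite))
```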

Encryption of UDP traffic is based on Blowfish ciphers negotiated through the secure TCP connection. Web sessions are powered by Apache with mod_ssl using the same OpenSSL cryptography engine.

Additionally, NoMachine for the Enterprise products (https://www.nomachine.com/enterprise and https://www.nomachine.com/terminal-server) provide tunneling of connections using SSH and full integration with any authentication backend supported by the host SSH server.