Choosing cipher for data transfer


Hi all,

yesterday I came across Syncthing and started reading the documentation on the site, in particular this text:

Data that is sent over the network is (optionally) compressed and encrypted using AES-128. When receiving data, it must be decrypted.

I’d like to ask: is it possible to force the encryption to be AES-256? I did not see any configuration parameter about this.

As far as I understood, some posts in 2014 say that the used cipher is the strongest Go could implement at the time, and it was AES-128. But in Syncthing documentation i see the list of strong ciphers among which

0xC028 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH RSA AES(256) SHA384

is listed.

I’m a little bit confused. Can you help me?

Consider that the added workload to compute AES-256 encryption/decryption as well as the decrease of the data transfer rate are not an issue in the context I’ll be using Syncthing.

Thanks in advance.

(Audrius Butkevicius) #2

So I think that comment is no longer relevant as the encryption in theory might vary based on the suite selected. In practice I think it’s the same strongest suite all the time as syncthing mostly talks to other syncthing clients which have the same suite order defined.

(Jakob Borg) #3

Yes, that doc is outdated. See the actual Syncthing log for what is used. It depends a little bit on what the actual hardware is (the TLS library has preference for things that are hardware accelerated):

[SYNO4] 07:24:36 INFO: Established secure connection to ... at ... (tcp-client)

The actual set of allowed cipher suites is here:


Thanks for the details. Just let me check if I understood well:

  1. AES-256 is supported
  2. The “best” CipherSuite is automatically chosen by the TLS library depending on the hardware and on the list order

So, if I had the requirement to use AES-256, how could I reach the goal, that is, forcing Syncthing to use AES-256? Do I have to reorder the list and/or comment the CipherSuites I’m not interested in?

Thanks in advance.

(Jakob Borg) #5

Yes, remove the entries you don’t want, order with preference at the top, recompile.

Note though that AES256 is not necessarily more secure than AES128 or ChaCha20. It’s a fair bit slower though.

(system) closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.