Yesterday I came across Syncthing and started reading the documentation on the site, in particular this text:
Data that is sent over the network is (optionally) compressed and encrypted using AES-128. When receiving data, it must be decrypted.
I’d like to ask: is it possible to force the encryption to be AES-256?
I did not see any configuration parameter about this.
As far as I understood, some posts in 2014 say that the used cipher is the strongest Go could implement at the time, and it was AES-128.
But in the Syncthing documentation I see the list of strong ciphers among which
So I think that comment is no longer relevant, as the encryption in theory might vary based on the suite selected. In practice I think it’s the same strongest suite all the time, as Syncthing mostly talks to other Syncthing clients which have the same suite order defined.
Yes, that doc is outdated. See the actual Syncthing log for what is used. It depends a little bit on what the actual hardware is (the TLS library has a preference for things that are hardware accelerated):
[SYNO4] 07:24:36 INFO: Established secure connection to ... at ... (tcp-client)
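
The suite selection discussed in this thread can be observed with Go's standard crypto/tls package. The following is an added example, not Syncthing code and not a Syncthing setting: it assumes a throwaway self-signed certificate and an in-memory connection, and caps the handshake at TLS 1.2 because Go does not allow TLS 1.3 cipher suites to be configured. The helper name negotiate is hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// negotiate runs one TLS 1.2 handshake over an in-memory pipe and returns the
// negotiated suite name. suites == nil means "use Go's default preference".
func negotiate(suites []uint16) (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	// Constructed demo certificate, valid for two hours around now.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second))
	s.SetDeadline(time.Now().Add(5 * time.Second))
	server := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12})
	go server.Handshake()
	// Verification is skipped only because the certificate above is a throwaway.
	client := tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12, CipherSuites: suites})
	if err := client.Handshake(); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(client.ConnectionState().CipherSuite), nil
}

func main() {
	def, _ := negotiate(nil) // result depends on hardware acceleration
	forced, _ := negotiate([]uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384})
	fmt.Println("default preference:", def)
	fmt.Println("AES-256 only:", forced)
}
```

The default result differs between machines, which is why the log line is the place to check what a given connection actually uses.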