Choosing cipher for data transfer

Hi all,

yesterday I came across Syncthing and started reading the documentation on the site, in particular this text:

Data that is sent over the network is (optionally) compressed and encrypted using AES-128. When receiving data, it must be decrypted.

I’d like to ask: is it possible to force the encryption to be AES-256? I did not see any configuration parameter about this.

As far as I understood, some posts in 2014 say that the used cipher is the strongest Go could implement at the time, and it was AES-128. But in Syncthing documentation i see the list of strong ciphers among which

0xC028 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH RSA AES(256) SHA384

is listed.

I’m a little bit confused. Can you help me?

Consider that the added workload to compute AES-256 encryption/decryption as well as the decrease of the data transfer rate are not an issue in the context I’ll be using Syncthing.

Thanks in advance.

So I think that comment is no longer relevant as the encryption in theory might vary based on the suite selected. In practice I think it’s the same strongest suite all the time as syncthing mostly talks to other syncthing clients which have the same suite order defined.

1 Like

Yes, that doc is outdated. See the actual Syncthing log for what is used. It depends a little bit on what the actual hardware is (the TLS library has preference for things that are hardware accelerated):

[SYNO4] 07:24:36 INFO: Established secure connection to ... at ... (tcp-client)

The actual set of allowed cipher suites is here:

1 Like

Thanks for the details. Just let me check if I understood well:

  1. AES-256 is supported
  2. The “best” CipherSuite is automatically chosen by the TLS library depending on the hardware and on the list order

So, if I had the requirement to use AES-256, how could I reach the goal, that is, forcing Syncthing to use AES-256? Do I have to reorder the list and/or comment the CipherSuites I’m not interested in?

Thanks in advance.

Yes, remove the entries you don’t want, order with preference at the top, recompile.

Note though that AES256 is not necessarily more secure than AES128 or ChaCha20. It’s a fair bit slower though.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.