I know that TLS 1.2+ are Compliant, Is the message authentication also compliant? According to FIPS the message authentication should use one of the following: CCM, GCM, GMAC, CMAC, HMAC. The basic assumption is that syncthing uses messaging internally. (I am not sure if it applies to the TLS negotiations - which I would assume is beyond the scope of syncthing)
We simply use TLS with some subset of ciphers.
The messages produced internally are not authenticated in any way, other than what TLS does for the whole stream on top of that.
We generally use AES-GCM (i.e., that is typically what gets selected). So yes, that includes message authentication. All of the TLS modes do in one way or the other.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.