We quite often have this message (from line 13 in attachment log).
And interestingly always on Wednesdays before 4 pm.
Do you have any ideas concerning reasons and correction?
(on both concerned servers we have marked the option “Insecure Allow Old TLS Versions”).
Do you use the Task Scheduler to start Syncthing? If not, please describe exactly what you do to run it (as I’d assume that you don’t execute syncthing.exe manually each time…).
Is there any specific reason for this? Your Syncthing version is quite new, and I’d assume the same is the case on the other device. This option was originally added to allow synchronisation with very old Syncthing versions that had been shipped with some LTS Linux distributions and hadn’t been updated since then. There is normally no need to enable it unless you’ve got devices still running those old distros.
Yes, we use the Task Scheduler to start Syncthing (defined ‘at system startup’, by starting batch script, with command ‘C:\SyncThing\syncthing-windows-amd64-v1.20.1\syncthing.exe -no-browser -logflags=7’).
We have set the TLS option because on our Windows server ‘Use TLS 1.2’ ist defined and we thought that this could be in opposition to the message in the log (line 14).
Please check in the task settings whether the task isn’t set to automatically stop running after 3 days (which is the default). Syncthing is supposed to be always running, so it should have no time limit.
Yeah, you don’t need to enable any such option if you don’t run something like Syncthing v1.0 and older on other devices. The option itself is described in the Docs (see https://docs.syncthing.net/advanced/option-insecure-allow-old-tls-versions.html), although it would be nice if the specific version numbers were mentioned there.
It’s difficult to specify this exactly, because it’s more of a question of which Go version syncthing was compiled with and with which settings syncthing is being run.
TLS 1.3 is enabled by default with Go 1.13 and newer. Syncthing v1.3.0 was the first official release to be build with Go 1.13 [Numbers align quite nicely actually].
Before that, Go 1.12 already supported TLS 1.3, but only with a GODEBUG opt-in. Syncthing used to set this on beta builds by default, but not on release builds. In any case, users could manually set this if they wanted to. Therefore, various syncthing versions build with Go 1.12 might support TLS v1.3 as well.
Third-party packaging might have used different Go versions as the builder and hence version numbers will vary for them.