Syncthing log full of failed TLS handshake errors

luuk0000000000000000 · December 10, 2025, 7:31pm

Hello!

I’ve been using syncthing fine for a while now, and everything works great. However, I just checked my logs for no real reason, and there are a ton of these “Failed TLS handshake” errors.

Is this a misconfiguration on my end, or are these just portscanners that decided to target my server? I don’t see these errors on my other syncthing clients (that are on the same network).

Here’s a small snippet of the enormous load of lines (taken from the output of journalctl -xe)

Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=69.131.66.125:52553 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=73.1.185.205:51783 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=68.108.16.73:40743 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=172.56.177.191:1193 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=98.97.11.218:2676 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=172.248.213.230:45443 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:41 luuk-linux syncthing[830]: Failed TLS handshake (address=76.21.226.235:58257 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:42 luuk-linux syncthing[830]: Failed TLS handshake (address=76.22.136.90:36751 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:42 luuk-linux syncthing[830]: Failed TLS handshake (address=108.173.72.240:41851 error="tls: first record does not look like a TLS handshake" log.pkg=connections)
Dec 10 20:00:42 luuk-linux syncthing[830]: Failed TLS handshake (address=98.239.74.213:57349 error="tls: first record does not look like a TLS handshake" log.pkg=connections)

tomasz86 · December 10, 2025, 7:35pm

Which versions of Syncthing are you running (on both sides)? I think you may also want to check https://forum.syncthing.net/t/failed-tls-handshake/25538.

luuk0000000000000000 · December 10, 2025, 7:37pm

This isn’t necessarily a problem with syncthing. In fact, syncthing works perfectly (and has worked perfectly for more than 2 years now).

However, my logfile keeps getting filled with these errors. These IP addresses do not belong to me.

calmh · December 10, 2025, 7:54pm

Scans from the internet.

pixelspark · December 10, 2025, 8:50pm

I suspect port 22000 is an alternative port used to mitigate the very same issue for SSH, whose port 22 is probably the most scanned port in existence.

If you want to silence the messages, just pick some random other port number and see if that helps. It shouldn’t matter which port you use for Syncthing anyway (if not for firewalls you may have configured in between of course).

luuk0000000000000000 · December 10, 2025, 8:57pm

Thank you! I think I’ll just leave it, if it doesn’t go away after a few days I might change my port.

system · January 9, 2026, 8:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.