Just some random thoughts of mine, not actual solutions
- You can differentiate between HTTPS and syncthing traffic using ALPN, but this doesn’t help in differentiating between two syncthing connections (Syncting on Port 443 behind SSLH - configuration).
- Syncthing’s default certificate common name is “syncthing”. You could in theory use your own certificates with custom common names. But this requires quite some amount of configuration. Edit: This has the same issue(s) as the third point.
- Device ID is based on a hash of the certificate. But this isn’t helpful when determining the destination of a syncthing connection (in TLS the server needs to send its certificate first).
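
To illustrate the last point, here is an added example (not part of the original post and not Syncthing's own code) that derives a device ID from certificate bytes. It assumes the scheme of SHA-256 over the DER-encoded certificate, base32 encoding, and one Luhn mod 32 check character per 13-character group. The ID can only be computed once the peer's certificate has been received; the sample bytes are constructed and are not a real certificate.

```python
import base64
import hashlib

# Base32 alphabet (RFC 4648), also used for the check characters.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def luhn32(group: str) -> str:
    """Luhn mod 32 check character, read left to right starting with factor 1."""
    factor, total = 1, 0
    for ch in group:
        addend = factor * ALPHABET.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]


def device_id(cert_der: bytes) -> str:
    """Derive the dashed device ID string from DER certificate bytes."""
    digest = hashlib.sha256(cert_der).digest()
    raw = base64.b32encode(digest).decode().rstrip("=")  # 52 characters
    # Four groups of 13 characters, each followed by its check character.
    checked = "".join(
        raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13)
    )
    # Presentation form: eight groups of seven characters.
    return "-".join(checked[i:i + 7] for i in range(0, 56, 7))


def is_valid(dev_id: str) -> bool:
    """Check the length, alphabet and four check characters of a device ID."""
    s = dev_id.replace("-", "").replace(" ", "").upper()
    if len(s) != 56 or any(c not in ALPHABET for c in s):
        return False
    return all(luhn32(s[i:i + 13]) == s[i + 13] for i in range(0, 56, 14))


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a DER-encoded certificate.
    sample = b"constructed-placeholder-not-a-real-certificate"
    print(device_id(sample))
```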