The version of my syncthing is v0.13.10.I want to setup a strelaysrv server for accelerate relay. But I cant find the old version of strelaysrv,such as strelaysrv-windows-amd64-v0.13.10. Where can I get it?
While the development is in the main syncthing repo, the releases are in a separate one: https://github.com/syncthing/relaysrv/releases
May I ask why you are running such an old Syncthing version?
Also, the relay protocol hasn’t changed so the latest should work fine.
I just want to keep the best combination:blush:
When v0.14.xx is end , we will attempt to use it. Before that, we just test it. This is our strategy of using software in a production environment.
I have one more question.
Why do relay clients need to use ID when they connect to relay server?
Why not a relay server identity be confirmed by a certificate, like discovery server?
Using software that starts with a zero in it’s version in production environment is not a clever policy.
Relay server does use certificates, both for identifying devices and for verifying that the relay is who it says it is.
We could have relays not use certificate pinning, but that means the certificate needs to be signed by a valid CA.
We will probably rename 0.14 to 1.0 at some point. This is a name change only though. Otherwise 0.14 will be the inifinite version, as the “major” version number is only bumped by protocol incompatibilities, and we try to avoid those. 0.14.43 is probably about as stable as 0.14.0, or maybe less. 0.14.59, if there is one, will probably be no better than 0.14.43. But yeah, it’s your choice.
Yes, we want to use a certificate signed by avalid CA and clients just config “relay://relay.company.com:22067”.But that dont work.
I don’t think CA verification of relays is supported/implemented.
I tested it,It dont work. But I think it shoud be work
Another questionable decision on corporate security IMHO. Neither using old and unsupported software which won’t be updated even in case of found weaknesses nor using the incredibly broken x509 CA architecture makes any sense to me in any setting really.