mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-23 19:39:05 +00:00
6d11006b54
This replaces the current 3072 bit RSA certificates with 384 bit ECDSA certificates. The advantage is these certificates are smaller and essentially instantaneous to generate. According to RFC4492 (ECC Cipher Suites for TLS), Table 1: Comparable Key Sizes, ECC has comparable strength to 3072 bit RSA at 283 bits - so we exceed that. There is no compatibility issue with existing Syncthing code - this is verified by the integration test ("h2" instance has the new certificate). There are browsers out there that don't understand ECC certificates yet, although I think they're dying out. In the meantime, I've retained the RSA code for the HTTPS certificate, but pulled it down to 2048 bits. I don't think a higher security level there is motivated, is this matches current industry standard for HTTPS certificates.
84 lines
4.1 KiB
XML
84 lines
4.1 KiB
XML
<configuration version="12">
|
|
<folder id="s23" path="s23-3/" ro="false" rescanIntervalS="20" ignorePerms="false" autoNormalize="true">
|
|
<device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC"></device>
|
|
<device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU"></device>
|
|
<minDiskFreePct>1</minDiskFreePct>
|
|
<versioning></versioning>
|
|
<copiers>1</copiers>
|
|
<pullers>16</pullers>
|
|
<hashers>0</hashers>
|
|
<order>random</order>
|
|
<ignoreDelete>false</ignoreDelete>
|
|
<scanProgressIntervalS>0</scanProgressIntervalS>
|
|
<pullerSleepS>0</pullerSleepS>
|
|
<pullerPauseS>0</pullerPauseS>
|
|
<maxConflicts>-1</maxConflicts>
|
|
</folder>
|
|
<folder id="default" path="s3/" ro="false" rescanIntervalS="20" ignorePerms="false" autoNormalize="true">
|
|
<device id="I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU"></device>
|
|
<device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC"></device>
|
|
<device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU"></device>
|
|
<minDiskFreePct>1</minDiskFreePct>
|
|
<versioning type="simple">
|
|
<param key="keep" val="5"></param>
|
|
</versioning>
|
|
<copiers>1</copiers>
|
|
<pullers>16</pullers>
|
|
<hashers>0</hashers>
|
|
<order>random</order>
|
|
<ignoreDelete>false</ignoreDelete>
|
|
<scanProgressIntervalS>0</scanProgressIntervalS>
|
|
<pullerSleepS>0</pullerSleepS>
|
|
<pullerPauseS>0</pullerPauseS>
|
|
<maxConflicts>-1</maxConflicts>
|
|
</folder>
|
|
<device id="I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU" name="s1" compression="metadata" introducer="false">
|
|
<address>tcp://127.0.0.1:22001</address>
|
|
</device>
|
|
<device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC" name="s2" compression="metadata" introducer="false">
|
|
<address>tcp://127.0.0.1:22002</address>
|
|
</device>
|
|
<device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" name="s3" compression="metadata" introducer="false">
|
|
<address>tcp://127.0.0.1:22003</address>
|
|
</device>
|
|
<gui enabled="true" tls="false">
|
|
<address>127.0.0.1:8083</address>
|
|
<apikey>abc123</apikey>
|
|
</gui>
|
|
<options>
|
|
<listenAddress>tcp://127.0.0.1:22003</listenAddress>
|
|
<globalAnnounceServer>default</globalAnnounceServer>
|
|
<globalAnnounceEnabled>false</globalAnnounceEnabled>
|
|
<localAnnounceEnabled>false</localAnnounceEnabled>
|
|
<localAnnouncePort>21027</localAnnouncePort>
|
|
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
|
|
<relayServer>dynamic+https://relays.syncthing.net/endpoint</relayServer>
|
|
<maxSendKbps>0</maxSendKbps>
|
|
<maxRecvKbps>0</maxRecvKbps>
|
|
<reconnectionIntervalS>5</reconnectionIntervalS>
|
|
<relaysEnabled>true</relaysEnabled>
|
|
<relayReconnectIntervalM>10</relayReconnectIntervalM>
|
|
<relayWithoutGlobalAnn>false</relayWithoutGlobalAnn>
|
|
<startBrowser>false</startBrowser>
|
|
<upnpEnabled>false</upnpEnabled>
|
|
<upnpLeaseMinutes>0</upnpLeaseMinutes>
|
|
<upnpRenewalMinutes>30</upnpRenewalMinutes>
|
|
<upnpTimeoutSeconds>10</upnpTimeoutSeconds>
|
|
<urAccepted>-1</urAccepted>
|
|
<urUniqueID></urUniqueID>
|
|
<urURL>https://data.syncthing.net/newdata</urURL>
|
|
<urPostInsecurely>false</urPostInsecurely>
|
|
<urInitialDelayS>1800</urInitialDelayS>
|
|
<restartOnWakeup>true</restartOnWakeup>
|
|
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
|
|
<keepTemporariesH>24</keepTemporariesH>
|
|
<cacheIgnoredFiles>true</cacheIgnoredFiles>
|
|
<progressUpdateIntervalS>5</progressUpdateIntervalS>
|
|
<symlinksEnabled>true</symlinksEnabled>
|
|
<limitBandwidthInLan>false</limitBandwidthInLan>
|
|
<databaseBlockCacheMiB>0</databaseBlockCacheMiB>
|
|
<minHomeDiskFreePct>1</minHomeDiskFreePct>
|
|
<releasesURL>https://api.github.com/repos/syncthing/syncthing/releases?per_page=30</releasesURL>
|
|
</options>
|
|
</configuration>
|