mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-22 19:08:58 +00:00
718b1ce2b7
This changes the two remaining instances where we use insecure HTTPS to use standard HTTPS certificate verification. When we introduced these things, almost a decade ago, HTTPS certificates were expensive and annoying to get, much of the web was still HTTP, and many devices seemed to not have up-to-date CA bundles. Nowadays _all_ of the web is HTTPS and I'm skeptical that any device can work well without understanding LetsEncrypt certificates in particular. Our current discovery servers use hardcoded certificates which has several issues: - Not great for security if it leaks as there is no way to rotate it - Not great for infrastructure flexibility as we can't use many load balancer or TLS termination services - The certificate is a very oddball ECDSA-SHA384 type certificate which has higher CPU cost than a more regular certificate, which has real effects on our infrastructure Using normal TLS certificates here improves these things. I expect there will be some very few devices out there for which this doesn't work. For the foreseeable future they can simply change the config to use the old URLs and parameters -- it'll be years before we can retire those entirely. For the upgrade client this simply seems like better hygiene. While our releases are signed anyway, protecting the metadata exchange is _better_ and, again, I doubt many clients will fail this today. |
||
---|---|---|
.. | ||
debug.go | ||
signingkey.go | ||
signingkey.pem | ||
upgrade_common.go | ||
upgrade_supported.go | ||
upgrade_test.go | ||
upgrade_unsupp.go |