1
0
mirror of https://github.com/octoleo/syncthing.git synced 2025-01-13 03:11:41 +00:00
syncthing/lib
Jakob Borg 6d11006b54 Generate ECDSA keys instead of RSA
This replaces the current 3072 bit RSA certificates with 384 bit ECDSA
certificates. The advantage is these certificates are smaller and
essentially instantaneous to generate. According to RFC4492 (ECC Cipher
Suites for TLS), Table 1: Comparable Key Sizes, ECC has comparable
strength to 3072 bit RSA at 283 bits - so we exceed that.

There is no compatibility issue with existing Syncthing code - this is
verified by the integration test ("h2" instance has the new
certificate).

There are browsers out there that don't understand ECC certificates yet,
although I think they're dying out. In the meantime, I've retained the
RSA code for the HTTPS certificate, but pulled it down to 2048 bits. I
don't think a higher security level there is motivated, is this matches
current industry standard for HTTPS certificates.
2015-11-27 09:15:12 +01:00
..
auto Add plouj 2015-11-24 08:35:25 +01:00
beacon Remove unused struct field 2015-10-27 09:55:05 +01:00
config Handle sparse files (fixes ) 2015-11-21 17:58:09 +01:00
connections Add timeouts to relay methods 2015-11-23 21:14:46 +00:00
db Compact database on startup (ref ) 2015-11-24 13:17:30 +01:00
dialer Our dialer sets up TCP options 2015-10-16 19:18:22 +01:00
discover Fix typos. 2015-11-11 21:20:34 -05:00
events Don't cause rare spurious event timeout 2015-11-17 12:05:22 +01:00
fnmatch Use raw strings to describe regexes, avoids double escaping 2015-09-02 22:19:45 +02:00
ignore Correctly report errors encountered parsing ignores (fixes , fixes ) 2015-09-29 18:04:18 +02:00
logger Fix typos. 2015-11-11 21:20:34 -05:00
model Handle sparse files (fixes ) 2015-11-21 17:58:09 +01:00
osutil Revert "Case insensitive renames, part 1" 2015-09-30 21:40:04 +02:00
protocol Regenerate XDR for empty struct types 2015-11-24 20:54:49 +01:00
rc Handle sparse files (fixes ) 2015-11-21 17:58:09 +01:00
relay Regenerate XDR for empty struct types 2015-11-24 20:54:49 +01:00
scanner Refactor: multiple-if to switch 2015-11-20 11:24:50 +01:00
signature The PublicKey() method is an addition in Go 1.4 2015-10-27 16:03:14 +01:00
stats We should pass around db.Instance instead of leveldb.DB 2015-10-31 12:35:30 +01:00
symlinks Fix import paths 2015-09-22 19:38:46 +02:00
sync Remove dead code 2015-10-25 20:46:09 +00:00
tlsutil Generate ECDSA keys instead of RSA 2015-11-27 09:15:12 +01:00
upgrade Improve upgrade error messages 2015-11-24 08:29:42 -05:00
upnp Add user-agent header, capitalize headers as others seems to do it (fixes ) 2015-10-31 15:36:08 +00:00
versioner Implement facility based logger, debugging via REST API 2015-10-03 18:09:53 +02:00