author | Jakob Borg <jakob@kastelo.net> | 2021-04-26 10:04:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-26 10:04:35 +0200 |
commit | 74823e81e958bcb7f391803502e59f6890efa65a (patch) | |
tree | 1065ffe3df030820095ee337bafa41ba2c7886f1 /proto | |
parent | ef4b8a2cf86d067c59a31ab3de20ffc0dca6e877 (diff) | |
all: Deprecate TLS 1.2 on sync connections (fixes #7594) (#7598)
This makes us use TLS 1.3+ on sync connections by default. A new option
`insecureAllowOldTLSVersions` exists to allow communication with TLS
1.2-only clients (roughly Syncthing 1.2.2 and older). Even with that
option set you get a slightly simplified setup, with the cipher suite
order fixed instead of auto detected.
Diffstat (limited to 'proto')
-rw-r--r-- | proto/lib/config/optionsconfiguration.proto | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/proto/lib/config/optionsconfiguration.proto b/proto/lib/config/optionsconfiguration.proto
index 07a00a625..1a13305d1 100644
--- a/proto/lib/config/optionsconfiguration.proto
+++ b/proto/lib/config/optionsconfiguration.proto
@@ -67,6 +67,10 @@ message OptionsConfiguration {
 // attempting outgoing connections.
 int32 connection_limit_max = 52;
 
+ // When set, this allows TLS 1.2 on sync connections, where we otherwise
+ // default to TLS 1.3+ only.
+ bool insecure_allow_old_tls_versions = 53 [(ext.goname)= "InsecureAllowOldTLSVersions", (ext.xml) = "insecureAllowOldTLSVersions", (ext.json) = "insecureAllowOldTLSVersions"];
+
 // Legacy deprecated
 bool upnp_enabled = 9000 [deprecated = true, (ext.goname) = "DeprecatedUPnPEnabled"];
 int32 upnp_lease_m = 9001 [deprecated = true, (ext.goname) = "DeprecatedUPnPLeaseM", (ext.xml) = "upnpLeaseMinutes,omitempty"]; |
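Review bot: The comment on `insecure_allow_old_tls_versions` does not say that the field sits in the global `OptionsConfiguration`, so turning it on for one legacy peer lowers the accepted TLS floor for every sync connection rather than for that device alone. I would spell out the scope and the intended audience in the comment, e.g. `// Compatibility switch for peers that only speak TLS 1.2 (roughly Syncthing 1.2.2 and older); applies to all sync connections, leave unset otherwise.` Whether a warning is logged when the option is enabled is not visible in this proto-only view; if it is not, that would be worth adding so operators can spot the downgrade in their logs. As a minor style point, `(ext.goname)= ` is missing the space before `=` that the neighbouring fields use. The `OptionsConfiguration` message starts and ends outside the hunk.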