Martchus
/
syncthing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
syncthing/cmd
History
Jakob Borg 6d11006b54 Generate ECDSA keys instead of RSA 
This replaces the current 3072 bit RSA certificates with 384 bit ECDSA
certificates. The advantage is these certificates are smaller and
essentially instantaneous to generate. According to RFC4492 (ECC Cipher
Suites for TLS), Table 1: Comparable Key Sizes, ECC has comparable
strength to 3072 bit RSA at 283 bits - so we exceed that.

There is no compatibility issue with existing Syncthing code - this is
verified by the integration test ("h2" instance has the new
certificate).

There are browsers out there that don't understand ECC certificates yet,
although I think they're dying out. In the meantime, I've retained the
RSA code for the HTTPS certificate, but pulled it down to 2048 bits. I
don't think a higher security level there is motivated, is this matches
current industry standard for HTTPS certificates.
 		2015-11-27 09:15:12 +01:00
..
stcompdirs mv internal lib 2015-08-09 09:35:26 +02:00
stevents Change (default) GUI port from 8080 to 8384 ('ST' in ascii values) 2015-03-26 21:36:06 +01:00
stfileinfo Fix import paths 2015-09-22 19:38:46 +02:00
stfinddevice Fix import paths 2015-09-22 19:38:46 +02:00
stindex Because I am a muppet 2015-10-23 20:21:21 +01:00
stsigtool stsigtool should use the built in key by default 2015-08-24 16:24:00 +02:00
stwatchfile Add stwatchfile 2015-07-27 19:00:22 +01:00
syncthing Generate ECDSA keys instead of RSA 2015-11-27 09:15:12 +01:00
todos MPLv2 2015-03-17 16:02:27 +01:00
.gitignore Remove reprecated st* utils 2014-07-01 12:20:25 +02:00