> All device to device traffic is protected by TLS. To prevent uninvited devices from joining a cluster, the certificate fingerprint of each device is compared to a preset list of acceptable devices at connection establishment.
So yeah, transport is encrypted. I do believe they need to put that fact front and center, though. It took me a few minutes to find out. (Thanks for making me find out, though! I use Syncthing heavily and it never occurred to me to even question this.)
Thanks for finding that. I had the impression Syncthing was focused on efficiency only, and not necessarily privacy/encryption. I had the impression a synced copy would be rebuilt from several sources at once, over the Syncthing discovery protocol - and may not be encrypted in transit.
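The fingerprint check described in the quoted documentation, sketched in Go as an added example; it is not part of the thread and not Syncthing's own code. It assumes the fingerprint is the hex-encoded SHA-256 of the peer's DER certificate, and the names `Allowlist`, `Fingerprint`, `VerifyPeer` and `PinnedConfig` are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Allowlist maps a certificate fingerprint to a device label (assumed format: hex SHA-256).
type Allowlist map[string]string

// Fingerprint returns the hex SHA-256 of a DER-encoded certificate.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// VerifyPeer matches the signature of tls.Config.VerifyPeerCertificate and
// rejects any peer whose leaf certificate is not on the preset list.
func (a Allowlist) VerifyPeer(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return errors.New("peer presented no certificate")
	}
	fp := Fingerprint(rawCerts[0])
	if _, ok := a[fp]; !ok {
		return fmt.Errorf("unknown device fingerprint %s", fp)
	}
	return nil
}

// PinnedConfig builds a mutual-TLS config for self-signed device certificates:
// CA chain and hostname checks are switched off and replaced by the pin.
func PinnedConfig(own tls.Certificate, a Allowlist) *tls.Config {
	return &tls.Config{
		Certificates:          []tls.Certificate{own},
		ClientAuth:            tls.RequireAnyClientCert, // server side: demand a client cert
		InsecureSkipVerify:    true,                     // safe only because VerifyPeer pins
		VerifyPeerCertificate: a.VerifyPeer,
	}
}

func main() {
	known := []byte("constructed stand-in for a DER certificate") // constructed sample
	allow := Allowlist{Fingerprint(known): "laptop"}
	fmt.Println(allow.VerifyPeer([][]byte{known}, nil), allow.VerifyPeer([][]byte{[]byte("other")}, nil))
}
```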