Diffstat (limited to 'net-p2p/syncthing/files/tls_params.patch')
-rw-r--r--net-p2p/syncthing/files/tls_params.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/net-p2p/syncthing/files/tls_params.patch b/net-p2p/syncthing/files/tls_params.patch
new file mode 100644
index 0000000..92b79ed
--- /dev/null
+++ b/net-p2p/syncthing/files/tls_params.patch
@@ -0,0 +1,28 @@
+diff --git a/cmd/syncthing/gui.go b/cmd/syncthing/gui.go
+index 29fc35b9..8e080237 100644
+--- a/cmd/syncthing/gui.go
++++ b/cmd/syncthing/gui.go
+@@ -187,19 +187,14 @@ func (s *apiService) getListener(guiCfg config.GUIConfiguration) (net.Listener,
+ }
+ tlsCfg := &tls.Config{
+ Certificates: []tls.Certificate{cert},
+- MinVersion: tls.VersionTLS10, // No SSLv3
++ MinVersion: tls.VersionTLS11,
+ CipherSuites: []uint16{
+ // No RC4
++ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
++ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
++ tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+- tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+- tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ },
+ }
+
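Review bot: `MinVersion: tls.VersionTLS11` on the new side does not match the cipher list below it: every suite kept or added is an AEAD suite (AES-GCM or ChaCha20-Poly1305), which exist only from TLS 1.2 on, so a TLS 1.1 client has nothing to negotiate and the effective floor is already 1.2. I would state that directly with `MinVersion: tls.VersionTLS12,`. Separately, `tls.TLS_RSA_WITH_AES_128_GCM_SHA256` uses static RSA key exchange without forward secrecy and is listed ahead of the two ECDHE GCM suites; if the listener applies server-side ordering (not visible in this hunk) it would be preferred over them, so drop it or move it to the end of the list. The surviving `// No RC4` comment could become `// AEAD suites only (TLS 1.2+)` to describe what the list now enforces. The body of getListener starts and ends outside the hunk.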