Starting with Resilio Connect v2.7.2, Agents support AES128 and AES256 encryption algorithms for encryption of data transfers and SRP and DHE-PSK for peers authentication.
All newly installed agents of version 2.7.2 will use AES256 and DHE-PSK by default and support the SRP (Secure Remote Password) protocol for backward compatibility when necessary.
Legacy agents
Agents updated from an older version to 2.7.2 will continue using the SRP and AES128 protocol by default unless explicitly configured with the new cipher suites.
If perfect forward secrecy is a requirement, switch agents to DHE-PSK through the agent profile setting custom parameter tunnel_ciphers
with the following possible cipher set values:
SYNC-SRP
DHE-PSK-AES256-GCM-SHA384
DHE-PSK-AES128-GCM-SHA256
If you select a single value then agents will be using only that cipher set. To communicate with legacy agents, letting agents agree on a common protocol when establishing a connection. To specify multiple cipher set values with a semicolon (;) between SRP and TLS and colon (:) between TLS ciphers as delimiter between them "tunnel_ciphers": "SYNC-SRP;DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256"
.