Starting with Resilio Connect v2.7.2, Agents support AES128 and AES256 encryption algorithms for encryption of data transfers and SRP and DHE-PSK for peers authentication.
All newly installed agents of version 2.7.2 will use AES256 and DHE-PSK by default and support the SRP (Secure Remote Password) protocol for backward compatibility when necessary.
Legacy agentsAgents updated from an older version to 2.7.2 will continue using the SRP and AES128 protocol by default unless explicitly configured with the new cipher suites.
If perfect forward secrecy is a requirement, switch agents to DHE-PSK through the agent profile setting custom parameter
tunnel_ciphers with the following possible cipher set values:
If you select a single value then agents will be using only that cipher set. To communicate with legacy agents, letting agents agree on a common protocol when establishing a connection, specify multiple cipher set values with a colon (:) as delimiter between them.