Tinc Cipher and Digest question

Sven-Haegar Koch haegar at sdinet.de
Tue Apr 7 20:49:06 CEST 2015


Hello,

A question about the tinc Cipher= and Digest= values:

Do these values absolutely need to be identical on both "sides" for the 
connection to work? Or do they only affect the outgoing side of the 
packets but not the receiving side?

For example three nodes, two with ConnectTo= to Hub H, and on host A I 
have a hosts/H and hosts/B entry with:

Cipher=blowfish
Digest=sha1

But on host B I have a hosts/H and hosts/A entry with:

Cipher=aes
Digest=sha256

(And worst case like on Hub H hosts/A and hosts/B with Cipher=none, 
Digest=none)

The question is because we currently have a big net using the default 
Cipher=blowfish and Digest=sha1, and would like to switch to something 
more secure and AES-NI optimized, but can't change all nodes at the same 
time, and do not want to break half the network in the middle.

(And yes, I know this only affects the tinc 1.0 hosts, but they are 
still the majority)

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.

