Tinc Cipher and Digest question
Sven-Haegar Koch
haegar at sdinet.de
Tue Apr 7 20:49:06 CEST 2015
Hallo,
A question about the tinc Cipher= and Digest= values:
Do these values absolutely need to be identical on both "sides" for the
connection to work? Or does it only affect the outgoing side of the
packets but not the receive?
For example three nodes, two with ConnectTo= to Hub H, and on host A I
have a hosts/H and hosts/B entry with:
Cipher=blowfish
Digest=sha1
But on host B I have a hosts/H and hosts/A entry with:
Cipher=aes
Digest=sha256
(And worst case like on Hub H hosts/A and hosts/B with Cipher=none,
Digest=none)
The question is because we currently have a big net using the default
Cipher=blowfish and Digest=sha1, and would like to switch to something
more secure and AES-NI optimized, but can't change all nodes at the same
time, and do not want to break half the network in the middle.
(And yes, I know this only affects the tinc 1.0 hosts, but they are
still the majority)
c'ya
sven-haegar
--
Three may keep a secret, if two of them are dead.
- Ben F.
More information about the tinc
mailing list