+ replaywin = (unsigned)replaywin_int;
+ sptps_replaywin = replaywin;
+ }
+
+#ifndef DISABLE_LEGACY
+ /* Generate packet encryption key */
+
+ char *cipher;
+
+ if(!get_config_string(lookup_config(&config_tree, "Cipher"), &cipher)) {
+ cipher = xstrdup("aes-256-cbc");
+ }
+
+ if(!strcasecmp(cipher, "none")) {
+ myself->incipher = NULL;
+ } else {
+ myself->incipher = cipher_alloc();
+
+ if(!cipher_open_by_name(myself->incipher, cipher)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
+ cipher_free(myself->incipher);
+ myself->incipher = NULL;
+ free(cipher);
+ return false;
+ }
+ }
+
+ free(cipher);
+
+ timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval) {
+ keylifetime, jitter()
+ });
+
+ /* Check if we want to use message authentication codes... */
+
+ int maclength = 4;
+ get_config_int(lookup_config(&config_tree, "MACLength"), &maclength);
+
+ if(maclength < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
+ return false;
+ }
+
+ char *digest;
+
+ if(!get_config_string(lookup_config(&config_tree, "Digest"), &digest)) {
+ digest = xstrdup("sha256");
+ }
+
+ if(!strcasecmp(digest, "none")) {
+ myself->indigest = NULL;
+ } else {
+ myself->indigest = digest_alloc();
+
+ if(!digest_open_by_name(myself->indigest, digest, maclength)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
+ digest_free(myself->indigest);
+ myself->indigest = NULL;
+ free(digest);