From: Guus Sliepen Date: Sun, 11 Oct 2009 11:56:04 +0000 (+0200) Subject: Revert "Raise default crypto algorithms to AES256 and SHA256." X-Git-Tag: release-1.0.10~8 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=a4f132770dc136d456c67b01d209e73f5f4d7a65;p=tinc Revert "Raise default crypto algorithms to AES256 and SHA256." Although it would be better to have the new defaults, only the most recent releases of most of the platforms supported by tinc come with a version of OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes can interact with each other, we revert the default back to Blowfish and SHA1. This reverts commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2. --- diff --git a/src/net_setup.c b/src/net_setup.c index f7302db7..a08981f9 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -352,14 +352,14 @@ bool setup_myself(void) { } } } else - myself->incipher = EVP_aes_256_cbc(); + myself->incipher = EVP_bf_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; - myself->connection->outcipher = EVP_aes_256_ofb(); + myself->connection->outcipher = EVP_bf_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; @@ -380,9 +380,9 @@ bool setup_myself(void) { } } } else - myself->indigest = EVP_sha256(); + myself->indigest = EVP_sha1(); - myself->connection->outdigest = EVP_sha256(); + myself->connection->outdigest = EVP_sha1(); if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) {