Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.
This reverts commit
4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2.
- myself->incipher = EVP_aes_256_cbc();
+ myself->incipher = EVP_bf_cbc();
if(myself->incipher)
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
else
myself->inkeylength = 1;
if(myself->incipher)
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
else
myself->inkeylength = 1;
- myself->connection->outcipher = EVP_aes_256_ofb();
+ myself->connection->outcipher = EVP_bf_ofb();
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
- myself->indigest = EVP_sha256();
+ myself->indigest = EVP_sha1();
- myself->connection->outdigest = EVP_sha256();
+ myself->connection->outdigest = EVP_sha1();
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {