From: Guus Sliepen Date: Tue, 15 Sep 2009 10:08:05 +0000 (+0200) Subject: Raise default crypto algorithms to AES256 and SHA256. X-Git-Tag: release-1.0.10~26 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2;p=oweals%2Ftinc.git Raise default crypto algorithms to AES256 and SHA256. In light of the recent improvements of attacks on SHA1, the default hash algorithm in tinc is now SHA256. At the same time, the default symmetric encryption algorithm has been changed to AES256. --- diff --git a/src/net_setup.c b/src/net_setup.c index d45cb1b..3c4bf48 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -362,14 +362,14 @@ bool setup_myself(void) } } } else - myself->incipher = EVP_bf_cbc(); + myself->incipher = EVP_aes_256_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; - myself->connection->outcipher = EVP_bf_ofb(); + myself->connection->outcipher = EVP_aes_256_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; @@ -390,9 +390,9 @@ bool setup_myself(void) } } } else - myself->indigest = EVP_sha1(); + myself->indigest = EVP_sha256(); - myself->connection->outdigest = EVP_sha1(); + myself->connection->outdigest = EVP_sha256(); if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) {