From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 11 Oct 2009 11:56:04 +0000 (+0200)
Subject: Revert "Raise default crypto algorithms to AES256 and SHA256."
X-Git-Tag: release-1.0.10~8
X-Git-Url: https://git.librecmc.org/?p=oweals%2Ftinc.git;a=commitdiff_plain;h=a4f132770dc136d456c67b01d209e73f5f4d7a65

Revert "Raise default crypto algorithms to AES256 and SHA256."

Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.

This reverts commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2.
---

diff --git a/src/net_setup.c b/src/net_setup.c
index f7302db..a08981f 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -352,14 +352,14 @@ bool setup_myself(void) {
 			}
 		}
 	} else
-		myself->incipher = EVP_aes_256_cbc();
+		myself->incipher = EVP_bf_cbc();
 
 	if(myself->incipher)
 		myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
 	else
 		myself->inkeylength = 1;
 
-	myself->connection->outcipher = EVP_aes_256_ofb();
+	myself->connection->outcipher = EVP_bf_ofb();
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
@@ -380,9 +380,9 @@ bool setup_myself(void) {
 			}
 		}
 	} else
-		myself->indigest = EVP_sha256();
+		myself->indigest = EVP_sha1();
 
-	myself->connection->outdigest = EVP_sha256();
+	myself->connection->outdigest = EVP_sha1();
 
 	if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
 		if(myself->indigest) {