From 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 15 Sep 2009 12:08:05 +0200 Subject: [PATCH] Raise default crypto algorithms to AES256 and SHA256. In light of the recent improvements of attacks on SHA1, the default hash algorithm in tinc is now SHA256. At the same time, the default symmetric encryption algorithm has been changed to AES256. --- src/net_setup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index d45cb1b..3c4bf48 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -362,14 +362,14 @@ bool setup_myself(void) } } } else - myself->incipher = EVP_bf_cbc(); + myself->incipher = EVP_aes_256_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; - myself->connection->outcipher = EVP_bf_ofb(); + myself->connection->outcipher = EVP_aes_256_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; @@ -390,9 +390,9 @@ bool setup_myself(void) } } } else - myself->indigest = EVP_sha1(); + myself->indigest = EVP_sha256(); - myself->connection->outdigest = EVP_sha1(); + myself->connection->outdigest = EVP_sha256(); if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { -- 2.25.1
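Review bot: The two cipher defaults in the first hunk are applied differently and the changed lines carry no comment saying so: `myself->incipher = EVP_aes_256_cbc();` sits in an `else` fallback, while `myself->connection->outcipher = EVP_aes_256_ofb();` is assigned unconditionally. A one-line comment on each would make that visible, for example `/* default when no cipher is configured */` and `/* fixed choice, not read from configuration in this block */`. The diffstat lists only src/net_setup.c, so any manual page or sample configuration that still names the old defaults would presumably need the same update, and operators of mixed-version meshes would benefit from a release note about the change. The body of setup_myself starts and ends outside the hunk, so the configuration lookup that precedes the `else` is not visible here.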
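Review bot: Switching `myself->indigest` and `myself->connection->outdigest` to `EVP_sha256()` in the second hunk does not by itself lengthen the authentication tag, because the tag size comes from `myself->inmaclength`, which the trailing context reads from `MACLength` and whose default is set outside this hunk. If that default is a short truncation, resistance to forged packets stays bounded by the truncated length rather than by the hash, so the default is worth confirming and possibly raising in the same change. A comment next to the new default would record the relationship, for example `/* SHA-256 by default; the tag is truncated to inmaclength bytes */`. As with `outcipher` in the first hunk, `outdigest` is assigned unconditionally, and the enclosing `if(myself->indigest) {` block continues past the end of the hunk.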