From a4f132770dc136d456c67b01d209e73f5f4d7a65 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 11 Oct 2009 13:56:04 +0200 Subject: [PATCH] Revert "Raise default crypto algorithms to AES256 and SHA256." Although it would be better to have the new defaults, only the most recent releases of most of the platforms supported by tinc come with a version of OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes can interact with each other, we revert the default back to Blowfish and SHA1. This reverts commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2. --- src/net_setup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index f7302db7..a08981f9 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -352,14 +352,14 @@ bool setup_myself(void) { } } } else - myself->incipher = EVP_aes_256_cbc(); + myself->incipher = EVP_bf_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; - myself->connection->outcipher = EVP_aes_256_ofb(); + myself->connection->outcipher = EVP_bf_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; @@ -380,9 +380,9 @@ bool setup_myself(void) { } } } else - myself->indigest = EVP_sha256(); + myself->indigest = EVP_sha1(); - myself->connection->outdigest = EVP_sha256(); + myself->connection->outdigest = EVP_sha1(); if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { -- 2.39.5