Forcing tinc to use aes-128 cipher
Guus Sliepen
guus at tinc-vpn.org
Wed Jul 6 13:23:36 CEST 2005
On Wed, Jun 29, 2005 at 03:51:24PM -0500, Jon Howard wrote:
> I am trying to get tinc to use aes-128-cbc for its encryption
> algorithm for network traffic. So far, I'm not having any luck.
> I've tried putting it into the tinc.conf file, and it turns out that
> tinc is ignoring that code completely. I'm using tinc 1.0.4 (in TCP
> mode). OpenSSL version 0.9.7d. I've made some initial investigation

The manpage mentions this:

    Cipher = cipher (blowfish)
        The symmetric cipher algorithm used to encrypt UDP packets. Any
        cipher supported by OpenSSL is recognised. Furthermore,
        specifying "none" will turn off packet encryption. It is best
        to use only those ciphers which support CBC mode.

Note that it only speaks about UDP packets. When tinc 1.0 was released
the protocol did not allow the cipher used for TCP streams to be
changed. The protocol has not been changed since then to make sure
subsequent versions are backwards compatible. So your observations are
entirely correct!

The quickest way to get a new feature in tinc is to send a patch ;)

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>