Revert "Raise default crypto algorithms to AES256 and SHA256."
author Guus Sliepen <guus@tinc-vpn.org>
Sun, 11 Oct 2009 11:56:04 +0000 (13:56 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Sun, 11 Oct 2009 11:56:04 +0000 (13:56 +0200)
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.

This reverts commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2.

src/net_setup.c

index f7302db..a08981f 100644
@@ -352,14 +352,14 @@ bool setup_myself(void) {
                        }
                }
        } else
-               myself->incipher = EVP_aes_256_cbc();
+               myself->incipher = EVP_bf_cbc();
 
        if(myself->incipher)
                myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
        else
                myself->inkeylength = 1;
 
-       myself->connection->outcipher = EVP_aes_256_ofb();
+       myself->connection->outcipher = EVP_bf_ofb();
 
        if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
                keylifetime = 3600;
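Review bot: The commit message gives missing SHA256 support in older OpenSSL as the reason for the revert, but the two changed lines here, `myself->incipher = EVP_bf_cbc();` and `myself->connection->outcipher = EVP_bf_ofb();`, lower the cipher default as well. If the cipher goes back to Blowfish only so that nodes built with the old and new defaults can still talk to each other, please say so in a comment next to these assignments; if that is not the reason, consider reverting only the digest and leaving the AES default in place. Note also that in the visible lines the outcipher assignment sits outside the else branch, so it is set unconditionally; a comment stating that this value is fixed would help whoever raises the defaults again later.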
@@ -380,9 +380,9 @@ bool setup_myself(void) {
                        }
                }
        } else
-               myself->indigest = EVP_sha256();
+               myself->indigest = EVP_sha1();
 
-       myself->connection->outdigest = EVP_sha256();
+       myself->connection->outdigest = EVP_sha1();
 
        if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
                if(myself->indigest) {
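Review bot: With `myself->indigest = EVP_sha1();` the default digest output shrinks from 32 to 20 bytes, and the context line right after this reads MACLength into myself->inmaclength and then tests it against myself->indigest. The check itself is cut off here, so please confirm that a MACLength chosen while the SHA256 default was in effect (anything above 20) is rejected or clamped with a clear error rather than silently accepted. A short comment beside the two EVP_sha1() assignments, saying this is a compatibility default to be raised once the supported platforms ship an OpenSSL with SHA256, would keep the revert from reading as the intended end state.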