At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.
The meta-protocol now always uses AES in OFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
.Va Address
variables can be specified, in which case each address will be tried until a working
connection has been established.
.Va Address
variables can be specified, in which case each address will be tried until a working
connection has been established.
-.It Va Cipher Li = Ar cipher Pq blowfish
+.It Va Cipher Li = Ar cipher Pq aes-256-cbc
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
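Review bot: The Cipher entry still describes the option only as the cipher for UDP packets, but according to the commit message its key length now also selects the AES-OFB key size used for the meta-protocol. Say so next to the new aes-256-cbc default, and make the same addition to the matching @item Cipher entry in the texinfo manual, so that an operator who selects a cipher with a key of 16 bytes or less knows the meta-connection drops to AES-128 as well.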
This option sets the level of compression used for UDP packets.
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
10 (fast lzo) and 11 (best lzo).
This option sets the level of compression used for UDP packets.
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
10 (fast lzo) and 11 (best lzo).
-.It Va Digest Li = Ar digest Pq sha1
+.It Va Digest Li = Ar digest Pq sha256
The digest algorithm used to authenticate UDP packets.
Any digest supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
The digest algorithm used to authenticate UDP packets.
Any digest supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
tried until a working connection has been established.
@cindex Cipher
tried until a working connection has been established.
@cindex Cipher
-@item Cipher = <@var{cipher}> (blowfish)
+@item Cipher = <@var{cipher}> (aes-256-cbc)
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet encryption.
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet encryption.
10 (fast lzo) and 11 (best lzo).
@cindex Digest
10 (fast lzo) and 11 (best lzo).
@cindex Digest
-@item Digest = <@var{digest}> (sha1)
+@item Digest = <@var{digest}> (sha256)
The digest algorithm used to authenticate UDP packets.
Any digest supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet authentication.
The digest algorithm used to authenticate UDP packets.
Any digest supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet authentication.
- myself->incipher = EVP_bf_cbc();
+ myself->incipher = EVP_aes_256_cbc();
if(myself->incipher)
myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
else
myself->inkeylength = 1;
if(myself->incipher)
myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
else
myself->inkeylength = 1;
- myself->connection->outcipher = EVP_bf_ofb();
+ /* We need to use OFB mode for the meta protocol. Use AES for this,
+ but try to match the key size with the one from the cipher selected
+ by Cipher.
+ */
+
+ int keylen = EVP_CIPHER_key_length(myself->incipher);
+ if(keylen <= 16)
+ myself->connection->outcipher = EVP_aes_128_ofb();
+ else if(keylen <= 24)
+ myself->connection->outcipher = EVP_aes_192_ofb();
+ else
+ myself->connection->outcipher = EVP_aes_256_ofb();
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
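Review bot: Missing NULL check at the added line `int keylen = EVP_CIPHER_key_length(myself->incipher);`. The unchanged context just above guards the same pointer with `if(myself->incipher)` and falls back to `inkeylength = 1`, so incipher can be NULL here (the documented "none" setting turns off packet encryption), and this call would then be handed a NULL cipher. Guard it, for example `int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 32;`, and state in the comment which AES key size the meta-protocol should get when packet encryption is disabled. Minor style point: the declaration follows statements in the same block; if the tree is meant to build as C89, move `keylen` to the top of the function.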
- myself->indigest = EVP_sha1();
+ myself->indigest = EVP_sha256();
- myself->connection->outdigest = EVP_sha1();
+ myself->connection->outdigest = EVP_sha256();
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {
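Review bot: Missing comment on the `myself->connection->outdigest = EVP_sha256();` line. The outcipher change above carries a comment explaining how the meta-protocol cipher is chosen, but the fact that the meta-protocol digest is fixed at SHA256 regardless of the Digest option is stated only in the commit message. A one-line comment here would record that this is intentional, and the Digest entries in both manuals could note that the option affects UDP packets only.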