6 Jul 2005 13:23
Re: Forcing tinc to use aes-128 cipher
On Wed, Jun 29, 2005 at 03:51:24PM -0500, Jon Howard wrote:
> I am trying to get tinc to use aes-128-cbc for it's encryption
> algorythm for network traffic. So far, I'm not having any luck.
> I've tried putting it into the tinc.conf file, and it turns out that
> tinc is ignoring that code completely. I'm using tinc 1.0.4 (in TCP
> mode). Openssl version 0.9.7d. I've made some initial investigation
The manpage mentions this:
Cipher = cipher (blowfish)
The symmetric cipher algorithm used to encrypt UDP packets. Any
cipher supported by OpenSSL is recognised. Furthermore,
specifying "none" will turn off packet encryption. It is best
to use only those ciphers which support CBC mode.
Note that it only speaks about UDP packets. When tinc 1.0 was released
the protocol did not allow the cipher used for TCP streams to be
changed. The protocol has not been changed since then to make sure
subsequent versions are backwards compatible. So your observations are
entirely correct!
The quickest way to get a new feature in tinc is to send a patch ;)
--
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@...>
On Wed, Jun 29, 2005 at 03:51:24PM -0500, Jon Howard wrote:(Continue reading)
RSS Feed