diff options
| author | Martijn van Duren <martijn@cvs.openbsd.org> | 2021-06-20 20:02:15 +0000 |
|---|---|---|
| committer | Martijn van Duren <martijn@cvs.openbsd.org> | 2021-06-20 20:02:15 +0000 |
| commit | 82aaf323975051ecab6538ebc41712a3a98a99b1 (patch) | |
| tree | 277ef2491e7b894da630b87bc9af6811b64b6bf9 | |
| parent | 7160fe3dbd2f59191600e8c3605458e77298b0b7 (diff) | |
Change the authentication protocol (-a) default to SHA-256 and the privacy
protocol (-x) default to AES. The old defaults are just not sane anymore.
OK sthen@
| -rw-r--r-- | usr.bin/snmp/snmp.1 | 8 | ||||
| -rw-r--r-- | usr.bin/snmp/snmpc.c | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/usr.bin/snmp/snmp.1 b/usr.bin/snmp/snmp.1 index f16dd2fb059..09a255afd0a 100644 --- a/usr.bin/snmp/snmp.1 +++ b/usr.bin/snmp/snmp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: snmp.1,v 1.17 2021/03/23 22:07:36 martijn Exp $ +.\" $OpenBSD: snmp.1,v 1.18 2021/06/20 20:02:14 martijn Exp $ .\" .\" Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 23 2021 $ +.Dd $Mdocdate: June 20 2021 $ .Dt SNMP 1 .Os .Sh NAME @@ -197,7 +197,7 @@ Options are or .Cm SHA-512 . This option defaults to -.Cm MD5 . +.Cm SHA-256 . This option is only used by .Fl v Cm 3 . .It Fl C Ar appopt @@ -440,6 +440,8 @@ Options are .Cm DES and .Cm AES . +This option defaults to +.Cm AES . This option is only used by .Fl v Cm 3 . .It Fl Z Ar boots , Ns Ar time diff --git a/usr.bin/snmp/snmpc.c b/usr.bin/snmp/snmpc.c index e2348c78033..3328ee4e882 100644 --- a/usr.bin/snmp/snmpc.c +++ b/usr.bin/snmp/snmpc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: snmpc.c,v 1.33 2021/03/23 22:07:36 martijn Exp $ */ +/* $OpenBSD: snmpc.c,v 1.34 2021/06/20 20:02:14 martijn Exp $ */ /* * Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org> @@ -476,7 +476,7 @@ main(int argc, char *argv[]) err(1, "usm_init"); if (seclevel & SNMP_MSGFLAG_AUTH) { if (md == NULL) - md = EVP_md5(); + md = EVP_sha256(); if (authkey == NULL) errx(1, "No authKey or authPassword specified"); if (usm_setauth(sec, md, authkey, authkeylen, @@ -485,7 +485,7 @@ main(int argc, char *argv[]) } if (seclevel & SNMP_MSGFLAG_PRIV) { if (cipher == NULL) - cipher = EVP_des_cbc(); + cipher = EVP_aes_128_cfb128(); if (privkey == NULL) errx(1, "No privKey or privPassword specified"); if (usm_setpriv(sec, cipher, privkey, privkeylen, |