diff options
| author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2006-06-11 20:21:09 +0000 |
|---|---|---|
| committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2006-06-11 20:21:09 +0000 |
| commit | 380fcb0ea097108fb26d3960783e3bd716a8b2f6 (patch) | |
| tree | f44e8405842ddf1165aafd7097854d6eb98c7baf /sbin/ipsecctl/parse.y | |
| parent | 16ce9edada2cd5dc9fba1cebabb9fbf114f6c06c (diff) | |
As naddy@ pointed out RFC 3686 discourages use of AESCTR for static
keying. markus@ seconds this, so use AES CBC as default.
ok naddy@
Diffstat (limited to 'sbin/ipsecctl/parse.y')
| -rw-r--r-- | sbin/ipsecctl/parse.y | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index a9d62bc42a3..882e8da9b31 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.105 2006/06/10 19:38:24 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.106 2006/06/11 20:21:08 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -1872,7 +1872,7 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs, if (!xfs->authxf) xfs->authxf = &authxfs[AUTHXF_HMAC_SHA2_256]; if (!xfs->encxf) - xfs->encxf = &encxfs[ENCXF_AESCTR]; + xfs->encxf = &encxfs[ENCXF_AES]; } if (satype == IPSEC_IPCOMP) { if (!xfs) { |