Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :)
Adriaan > -----Original Message----- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Sent: maandag 24 oktober 2011 10:55 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for > PolarSSL to AES-128, as BF is not supported > > I'd NACK this patch : the default behaviour of OpenVPN should be > independent of the SSL implementation. > > JJK > > Adriaan de Jong wrote: > > Signed-off-by: Adriaan de Jong <dej...@fox-it.com> > > --- > > options.c | 5 +++++ > > 1 files changed, 5 insertions(+), 0 deletions(-) > > > > diff --git a/options.c b/options.c > > index 39e7a57..d917072 100644 > > --- a/options.c > > +++ b/options.c > > @@ -810,7 +810,12 @@ init_options (struct options *o, const bool > init_gc) > > o->server_poll_timeout = 0; > > #endif > > #ifdef USE_CRYPTO > > +#ifdef USE_OPENSSL > > o->ciphername = "BF-CBC"; > > +#endif > > +#ifdef USE_POLARSSL > > + o->ciphername = "AES-128-CBC"; > > +#endif > > o->ciphername_defined = true; > > o->authname = "SHA1"; > > o->authname_defined = true; > >
