I am trying to get tinc to use aes-128-cbc for its encryption algorithm for network traffic. So far, I'm not having any luck. I've tried putting it into the tinc.conf file, and it turns out that tinc is ignoring that code completely. I'm using tinc 1.0.4 (in TCP mode). OpenSSL version 0.9.7d.

I've made some initial investigation into the source, and in net_setup.c I found a spot where EVP_get_cipherbyname was being called, and that call is being skipped, no matter what I have in the tinc.conf file. So, I changed the default a few lines down where myself->connection->cipher = EVP_bf_cbc(); to EVP_aes_128_cbc(); and I am still not getting aes encryption.

Is there any light you can shine on my problem?

Thanks,
Jon Howard
tinc@alteredrurality.com

On Wed, Jun 29, 2005 at 03:51:24PM -0500, Jon Howard wrote:

> I am trying to get tinc to use aes-128-cbc for its encryption
> algorithm for network traffic. So far, I'm not having any luck.
> I've tried putting it into the tinc.conf file, and it turns out that
> tinc is ignoring that code completely. I'm using tinc 1.0.4 (in TCP
> mode). OpenSSL version 0.9.7d. I've made some initial investigation

The manpage mentions this:

    Cipher = cipher (blowfish)
        The symmetric cipher algorithm used to encrypt UDP packets. Any
        cipher supported by OpenSSL is recognised. Furthermore, specifying
        "none" will turn off packet encryption. It is best to use only
        those ciphers which support CBC mode.

Note that it only speaks about UDP packets. When tinc 1.0 was released the protocol did not allow the cipher used for TCP streams to be changed. The protocol has not been changed since then to make sure subsequent versions are backwards compatible. So your observations are entirely correct!

The quickest way to get a new feature in tinc is to send a patch ;)

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>