made AES new default cipher (#471)

Co-authored-by: Logan007 <you@example.com>

README.md

@@ -82,8 +82,7 @@ the traffic exchanged between two edge nodes but it will know that edge A is tal
 
 The choice of encryption schemes that can be applied to payload has recently been enhanced. Please have
 a look at [Crypto description](doc/Crypto.md) for a quick comparison chart to help make a choice. n2n edge nodes use 
-Twofish encryption by default for compatibility reasons with existing versions. Other ciphers can be chosen
+AES encryption by default. Other ciphers can be chosen using the `-A_` option.
-using the `-A_` option.
 
 A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
 

src/edge.c

@@ -171,11 +171,9 @@ static void help() {
          "                         | causes connections stall when not properly supported.\n");
 #endif
   printf("-r                       | Enable packet forwarding through n2n community.\n");
-  printf("-A1                      | Disable payload encryption. Do not use with key (defaulting to Twofish then).\n");
+  printf("-A1                      | Disable payload encryption. Do not use with key (defaulting to AES then).\n");
-  printf("-A2 ... -A5 or -A        | Choose a cipher for payload encryption, requires a key: -A2 = Twofish (default),\n");
+  printf("-A2 ... -A5 or -A        | Choose a cipher for payload encryption, requires a key: -A2 = Twofish,\n");
-  printf("                         | -A3 or -A (deprecated) = AES, "
+  printf("                         | -A3 or -A (deprecated) = AES (default), -A4 = ChaCha20, -A5 = Speck-CTR.\n");
-  "-A4 = ChaCha20, "
-  "-A5 = Speck-CTR.\n");
   printf("-H                       | Enable full header encryption. Requires supernode with fixed community.\n");
   printf("-z1 ... -z2 or -z        | Enable compression for outgoing data packets: -z1 or -z = lzo1x"
 #ifdef N2N_HAVE_ZSTD
@@ -828,9 +826,9 @@ int main(int argc, char* argv[]) {
 
   if(conf.transop_id == N2N_TRANSFORM_ID_NULL) {
     if(conf.encrypt_key) {
-      /* make sure that Twofish is default cipher if key only (and no cipher) is specified */
+      /* make sure that AES is default cipher if key only (and no cipher) is specified */
-      traceEvent(TRACE_WARNING, "Switching to Twofish as key was provided.");
+      traceEvent(TRACE_WARNING, "Switching to AES as key was provided.");
-      conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
+      conf.transop_id = N2N_TRANSFORM_ID_AES;
     }
   }
 

src/edge_utils.c

@@ -2618,7 +2618,7 @@ void edge_init_conf_defaults(n2n_edge_conf_t *conf) {
 
   if (getenv("N2N_KEY")) {
     conf->encrypt_key = strdup(getenv("N2N_KEY"));
-    conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
+    conf->transop_id = N2N_TRANSFORM_ID_AES;
   }
 }
 
@@ -2663,7 +2663,7 @@ int quick_edge_init(char *device_name, char *community_name,
   /* Setup the configuration */
   edge_init_conf_defaults(&conf);
   conf.encrypt_key = encrypt_key;
-  conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
+  conf.transop_id = N2N_TRANSFORM_ID_AES;
   conf.compression = N2N_COMPRESSION_ID_NONE;
   snprintf((char*)conf.community_name, sizeof(conf.community_name), "%s", community_name);
   edge_conf_add_supernode(&conf, supernode_ip_address_port);