mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
made AES new default cipher (#471)
Co-authored-by: Logan007 <you@example.com>
parent
b858ffeb06
commit
51d55a60f8
|
@ -82,8 +82,7 @@ the traffic exchanged between two edge nodes but it will know that edge A is tal
|
||||||
|
|
||||||
The choice of encryption schemes that can be applied to payload has recently been enhanced. Please have
|
The choice of encryption schemes that can be applied to payload has recently been enhanced. Please have
|
||||||
a look at [Crypto description](doc/Crypto.md) for a quick comparison chart to help make a choice. n2n edge nodes use
|
a look at [Crypto description](doc/Crypto.md) for a quick comparison chart to help make a choice. n2n edge nodes use
|
||||||
Twofish encryption by default for compatibility reasons with existing versions. Other ciphers can be chosen
|
AES encryption by default. Other ciphers can be chosen using the `-A_` option.
|
||||||
using the `-A_` option.
|
|
||||||
|
|
||||||
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
||||||
|
|
||||||
|
|
14
src/edge.c
14
src/edge.c
|
@ -171,11 +171,9 @@ static void help() {
|
||||||
" | causes connections stall when not properly supported.\n");
|
" | causes connections stall when not properly supported.\n");
|
||||||
#endif
|
#endif
|
||||||
printf("-r | Enable packet forwarding through n2n community.\n");
|
printf("-r | Enable packet forwarding through n2n community.\n");
|
||||||
printf("-A1 | Disable payload encryption. Do not use with key (defaulting to Twofish then).\n");
|
printf("-A1 | Disable payload encryption. Do not use with key (defaulting to AES then).\n");
|
||||||
printf("-A2 ... -A5 or -A | Choose a cipher for payload encryption, requires a key: -A2 = Twofish (default),\n");
|
printf("-A2 ... -A5 or -A | Choose a cipher for payload encryption, requires a key: -A2 = Twofish,\n");
|
||||||
printf(" | -A3 or -A (deprecated) = AES, "
|
printf(" | -A3 or -A (deprecated) = AES (default), -A4 = ChaCha20, -A5 = Speck-CTR.\n");
|
||||||
"-A4 = ChaCha20, "
|
|
||||||
"-A5 = Speck-CTR.\n");
|
|
||||||
printf("-H | Enable full header encryption. Requires supernode with fixed community.\n");
|
printf("-H | Enable full header encryption. Requires supernode with fixed community.\n");
|
||||||
printf("-z1 ... -z2 or -z | Enable compression for outgoing data packets: -z1 or -z = lzo1x"
|
printf("-z1 ... -z2 or -z | Enable compression for outgoing data packets: -z1 or -z = lzo1x"
|
||||||
#ifdef N2N_HAVE_ZSTD
|
#ifdef N2N_HAVE_ZSTD
|
||||||
|
@ -828,9 +826,9 @@ int main(int argc, char* argv[]) {
|
||||||
|
|
||||||
if(conf.transop_id == N2N_TRANSFORM_ID_NULL) {
|
if(conf.transop_id == N2N_TRANSFORM_ID_NULL) {
|
||||||
if(conf.encrypt_key) {
|
if(conf.encrypt_key) {
|
||||||
/* make sure that Twofish is default cipher if key only (and no cipher) is specified */
|
/* make sure that AES is default cipher if key only (and no cipher) is specified */
|
||||||
traceEvent(TRACE_WARNING, "Switching to Twofish as key was provided.");
|
traceEvent(TRACE_WARNING, "Switching to AES as key was provided.");
|
||||||
conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
conf.transop_id = N2N_TRANSFORM_ID_AES;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
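Review bot: The warning in main()'s key-only branch, `Switching to AES as key was provided.`, does not tell the operator that this default used to be Twofish, so an edge upgraded across this commit and started with only a key will pick a different cipher than peers still on the old default. The README sentence removed by this commit gave compatibility with existing versions as the reason for the Twofish default, so mixed-version communities are the case to call out. Consider wording such as `traceEvent(TRACE_WARNING, "Switching to AES as key was provided (earlier versions defaulted to Twofish, use -A2 to match them).");`, with the same hint on the `-A3` line in help(). Both functions continue outside the hunks shown.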
|
@ -2618,7 +2618,7 @@ void edge_init_conf_defaults(n2n_edge_conf_t *conf) {
|
||||||
|
|
||||||
if (getenv("N2N_KEY")) {
|
if (getenv("N2N_KEY")) {
|
||||||
conf->encrypt_key = strdup(getenv("N2N_KEY"));
|
conf->encrypt_key = strdup(getenv("N2N_KEY"));
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
conf->transop_id = N2N_TRANSFORM_ID_AES;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2663,7 +2663,7 @@ int quick_edge_init(char *device_name, char *community_name,
|
||||||
/* Setup the configuration */
|
/* Setup the configuration */
|
||||||
edge_init_conf_defaults(&conf);
|
edge_init_conf_defaults(&conf);
|
||||||
conf.encrypt_key = encrypt_key;
|
conf.encrypt_key = encrypt_key;
|
||||||
conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
conf.transop_id = N2N_TRANSFORM_ID_AES;
|
||||||
conf.compression = N2N_COMPRESSION_ID_NONE;
|
conf.compression = N2N_COMPRESSION_ID_NONE;
|
||||||
snprintf((char*)conf.community_name, sizeof(conf.community_name), "%s", community_name);
|
snprintf((char*)conf.community_name, sizeof(conf.community_name), "%s", community_name);
|
||||||
edge_conf_add_supernode(&conf, supernode_ip_address_port);
|
edge_conf_add_supernode(&conf, supernode_ip_address_port);
|
||||||
|
|
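Review bot: In edge_init_conf_defaults the new `conf->transop_id = N2N_TRANSFORM_ID_AES;` runs even when `strdup(getenv("N2N_KEY"))` returns NULL, which leaves a cipher selected with no key; guarding it as `if(conf->encrypt_key) conf->transop_id = N2N_TRANSFORM_ID_AES;` keeps key and cipher consistent. quick_edge_init has the same shape: it assigns AES unconditionally after `conf.encrypt_key = encrypt_key;`, so a caller passing a NULL key would get AES without a key, and how the AES transform treats a missing key is not visible here. A short comment on quick_edge_init stating that it now always selects AES (previously Twofish) would help users of this API whose peers still run Twofish. Both functions start or end outside the hunks.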