From 7e4cf28f27f70e2fc2b56806cfdb58d1c39891ab Mon Sep 17 00:00:00 2001 From: Disyer Date: Fri, 22 Jul 2022 01:40:20 +0300 Subject: [PATCH] dtool: Upgrade default encryption algorithm to AES-256 (#1337) The Blowfish cipher is no longer available on OpenSSL 3.x by default. It requires enabling the legacy cipher suite, which is compiled separately from the main OpenSSL library. AES-256 is a good replacement cipher that has hardware support in most newer computers. AES-256 is also available in OpenSSL 1.0.2. --- dtool/src/prc/encryptStreamBuf.cxx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dtool/src/prc/encryptStreamBuf.cxx b/dtool/src/prc/encryptStreamBuf.cxx index 683e05a931..807527c5cc 100644 --- a/dtool/src/prc/encryptStreamBuf.cxx +++ b/dtool/src/prc/encryptStreamBuf.cxx @@ -63,10 +63,10 @@ EncryptStreamBuf() { _owns_dest = false; ConfigVariableString encryption_algorithm - ("encryption-algorithm", "bf-cbc", + ("encryption-algorithm", "aes-256-cbc", PRC_DESC("This defines the OpenSSL encryption algorithm which is used to " "encrypt any streams created by the current runtime. The default is " - "Blowfish; the complete set of available algorithms is defined by " + "AES-256; the complete set of available algorithms is defined by " "the current version of OpenSSL. This value is used only to control " "encryption; the correct algorithm will automatically be selected on " "decryption."));
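Review bot: The PRC_DESC text in this hunk still ends with "the correct algorithm will automatically be selected on decryption", but once the default moves from "bf-cbc" to "aes-256-cbc" that promise does not hold for streams written under the old default when the runtime is linked against OpenSSL 3.x without the legacy provider, which is exactly the situation the commit message describes. Consider adding a sentence to the description stating that streams previously encrypted with Blowfish need the legacy provider enabled (or need to be re-encrypted) before they can be read, and confirm that the decryption path reports a clear error when the cipher recorded in the stream is unavailable. A smaller point on the same changed line: "aes-256-cbc" keeps CBC mode, which gives confidentiality but no integrity protection, so if nothing else in the stream format authenticates the ciphertext, the description should say that this setting does not provide tamper detection.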