Use AES256 for the default encryption algoritm for TLS session tickets

This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
author: TJ Saunders <tj@castaglia.org> 2016-02-27 19:37:34 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2016-05-16 20:43:06 +0200
commit: 05df5c2036f1244fe3df70de7d8079a5d86b999d (patch)
tree: 9959181da96969dc55fde2777fc9c223f6f6988d /ssl/statem/statem_srvr.c
parent: 4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 (diff)
download: openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.zip
openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.gz
openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c8c68dc..60f92e5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3048,7 +3048,7 @@ int tls_construct_new_session_ticket(SSL *s)
     } else {
         if (RAND_bytes(iv, 16) <= 0)
             goto err;
-        if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+        if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
                                 tctx->tlsext_tick_aes_key, iv))
             goto err;
         if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
author	TJ Saunders <tj@castaglia.org>	2016-02-27 19:37:34 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2016-05-16 20:43:06 +0200
commit	05df5c2036f1244fe3df70de7d8079a5d86b999d (patch)
tree	9959181da96969dc55fde2777fc9c223f6f6988d /ssl/statem/statem_srvr.c
parent	4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 (diff)
download	openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.zip openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.gz openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.bz2