diff options
author | TJ Saunders <tj@castaglia.org> | 2016-02-27 19:37:34 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-05-16 20:43:06 +0200 |
commit | 05df5c2036f1244fe3df70de7d8079a5d86b999d (patch) | |
tree | 9959181da96969dc55fde2777fc9c223f6f6988d /ssl/statem/statem_srvr.c | |
parent | 4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 (diff) | |
download | openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.zip openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.gz openssl-05df5c2036f1244fe3df70de7d8079a5d86b999d.tar.bz2 |
Use AES256 for the default encryption algoritm for TLS session tickets
This involves providing more session ticket key data, for both the cipher and
the digest
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #515, MR: #2153
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c8c68dc..60f92e5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3048,7 +3048,7 @@ int tls_construct_new_session_ticket(SSL *s) } else { if (RAND_bytes(iv, 16) <= 0) goto err; - if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, tctx->tlsext_tick_aes_key, iv)) goto err; if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, |