diff options
| author | zotlabs <mike@macgirvin.com> | 2016-11-30 16:36:33 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2016-11-30 16:36:33 -0800 |
| commit | c845eed114ec3cea90acd35c419110d9ab76051f (patch) | |
| tree | d487da2ba21b282274648904395b111b633693c1 | |
| parent | 5b09829959948b85fa6b156abaa091c40d88a9e1 (diff) | |
| download | volse-hubzilla-c845eed114ec3cea90acd35c419110d9ab76051f.tar.gz volse-hubzilla-c845eed114ec3cea90acd35c419110d9ab76051f.tar.bz2 volse-hubzilla-c845eed114ec3cea90acd35c419110d9ab76051f.zip | |
advanced crypto restricted by server role
| -rw-r--r-- | include/crypto.php | 3 | ||||
| -rw-r--r-- | include/zot.php | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/include/crypto.php b/include/crypto.php index e9fa320d3..4b78bb63d 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -138,6 +138,9 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return [ 'aes256cbc' ]; + // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a diff --git a/include/zot.php b/include/zot.php index e29978908..379a9b04c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -166,6 +166,9 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot function zot_best_algorithm($methods) { + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return 'aes256cbc'; + if($methods) { $x = explode(',',$methods); if($x) { |