From c845eed114ec3cea90acd35c419110d9ab76051f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 30 Nov 2016 16:36:33 -0800 Subject: advanced crypto restricted by server role --- include/crypto.php | 3 +++ include/zot.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/include/crypto.php b/include/crypto.php index e9fa320d3..4b78bb63d 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -138,6 +138,9 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return [ 'aes256cbc' ]; + // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a diff --git a/include/zot.php b/include/zot.php index e29978908..379a9b04c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -166,6 +166,9 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot function zot_best_algorithm($methods) { + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return 'aes256cbc'; + if($methods) { $x = explode(',',$methods); if($x) { -- cgit v1.2.3