From c845eed114ec3cea90acd35c419110d9ab76051f Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 30 Nov 2016 16:36:33 -0800
Subject: advanced crypto restricted by server role

---
 include/crypto.php | 3 +++
 include/zot.php    | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'include')

diff --git a/include/crypto.php b/include/crypto.php
index e9fa320d3..4b78bb63d 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -138,6 +138,9 @@ function other_encapsulate($data,$pubkey,$alg) {
 
 function crypto_methods() {
 
+	if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
+		return [ 'aes256cbc' ];
+
 	// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. 
 	// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. 
 	// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
diff --git a/include/zot.php b/include/zot.php
index e29978908..379a9b04c 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -166,6 +166,9 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
 
 function zot_best_algorithm($methods) {
 
+	if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
+		return 'aes256cbc';
+
 	if($methods) {
 		$x = explode(',',$methods);
 		if($x) {
-- 
cgit v1.2.3