Update the default TSIG algorithm to hmac-sha256.

In the upcoming update to RFC 2845, HMAC-MD5 will move to "MUST NOT"
use, so it shouldn't be the default.

diff --git a/dns/tsig.py b/dns/tsig.py
index 2517162064a8c87efe9eb50e9623989c65280473..dade52aab9ed5f55e1580f2a8b34df707cea4c6e 100644 (file)
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -77,7 +77,7 @@ _hashes = {
     HMAC_MD5: hashlib.md5,
 }
 
-default_algorithm = HMAC_MD5
+default_algorithm = HMAC_SHA256
 
 BADSIG = 16
 BADKEY = 17