From: Brian Wellington <bwelling@xbill.org>
Date: Mon, 11 May 2020 19:40:35 +0000 (-0700)
Subject: Update the default TSIG algorithm to hmac-sha256.
X-Git-Tag: v2.0.0rc1~214
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b2234c2f60a33624b16ff118295dd680e39d3b9;p=thirdparty%2Fdnspython.git

Update the default TSIG algorithm to hmac-sha256.

In the upcoming update to RFC 2845, HMAC-MD5 will move to "MUST NOT"
use, so it shouldn't be the default.
---

diff --git a/dns/tsig.py b/dns/tsig.py
index 25171620..dade52aa 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -77,7 +77,7 @@ _hashes = {
     HMAC_MD5: hashlib.md5,
 }
 
-default_algorithm = HMAC_MD5
+default_algorithm = HMAC_SHA256
 
 BADSIG = 16
 BADKEY = 17