From 5b2234c2f60a33624b16ff118295dd680e39d3b9 Mon Sep 17 00:00:00 2001
From: Brian Wellington <bwelling@xbill.org>
Date: Mon, 11 May 2020 12:40:35 -0700
Subject: [PATCH] Update the default TSIG algorithm to hmac-sha256.

In the upcoming update to RFC 2845, HMAC-MD5 will move to "MUST NOT"
use, so it shouldn't be the default.
---
 dns/tsig.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dns/tsig.py b/dns/tsig.py
index 25171620..dade52aa 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -77,7 +77,7 @@ _hashes = {
     HMAC_MD5: hashlib.md5,
 }
 
-default_algorithm = HMAC_MD5
+default_algorithm = HMAC_SHA256
 
 BADSIG = 16
 BADKEY = 17
-- 
2.47.3