From: Nikos Mavrogiannopoulos Date: Wed, 27 Nov 2013 09:56:47 +0000 (+0100) Subject: In FIPS mode the default cipher is AES. X-Git-Tag: gnutls_3_3_0pre0~520^2~22 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=89ba12e6ba46ae58b2a46839c5e85e2ee4a240fb;p=thirdparty%2Fgnutls.git In FIPS mode the default cipher is AES. --- diff --git a/src/certtool.c b/src/certtool.c index e7b79ef25e..5f92e7d215 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -139,7 +139,11 @@ generate_private_key_int(common_info_st * cinfo) static int cipher_to_flags(const char *cipher) { if (cipher == NULL) { +#ifdef ENABLE_FIPS140 + return GNUTLS_PKCS_USE_PBES2_AES_128; +#else /* compatibility mode - most implementations don't support AES */ return GNUTLS_PKCS_USE_PKCS12_ARCFOUR; +#endif } else if (strcasecmp(cipher, "3des") == 0) { return GNUTLS_PKCS_USE_PBES2_3DES; } else if (strcasecmp(cipher, "3des-pkcs12") == 0) {