Reorganise the default cipher preference order.

After all the side-channel removal work I've done, I'm demoting Blowfish and Arcfour right to the bottom of the pile, because they're the ciphers that still have cache and timing leaks in them. (Neither one can be sanitised without making it _extremely_ slow - the factor of 4.5 slowdown in DES would be small by comparison). Single-DES is also still below the warning threshold for simply being too weak (irrespective of side channels), but it's above the other two.
2025-01-09 09:27:59 +00:00 · 2019-03-16 11:01:30 +00:00 · 2019-03-16 11:01:30 +00:00 · c081f3e234
commit c081f3e234
parent 31b4c6ad9c
1 changed files with 2 additions and 2 deletions
--- a/settings.c
+++ b/settings.c
@ -17,11 +17,11 @@
 static const struct keyvalwhere ciphernames[] = {
    { "aes",        CIPHER_AES,             -1, -1 },
    { "chacha20",   CIPHER_CHACHA20,        CIPHER_AES, +1 },
-    { "blowfish",   CIPHER_BLOWFISH,        -1, -1 },
    { "3des",       CIPHER_3DES,            -1, -1 },
    { "WARN",       CIPHER_WARN,            -1, -1 },
+    { "des",        CIPHER_DES,             -1, -1 },
+    { "blowfish",   CIPHER_BLOWFISH,        -1, -1 },
    { "arcfour",    CIPHER_ARCFOUR,         -1, -1 },
-    { "des",        CIPHER_DES,             -1, -1 }
 };

 /* The default order here is sometimes overridden by the backward-