author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 10:56:47 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 11:41:45 +0100 |
commit | 89ba12e6ba46ae58b2a46839c5e85e2ee4a240fb (patch) | |
tree | 0f337ad10390b043d3676680e602ae76ca8c20ce /src | |
parent | ebbc40cebf30d1108c550e453d15b23d39a6dd2e (diff) | |
download | gnutls-89ba12e6ba46ae58b2a46839c5e85e2ee4a240fb.tar.gz |
In FIPS mode the default cipher is AES.
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/certtool.c b/src/certtool.c
index e7b79ef25e..5f92e7d215 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -139,7 +139,11 @@ generate_private_key_int(common_info_st * cinfo)
 static int cipher_to_flags(const char *cipher)
 {
 if (cipher == NULL) {
+#ifdef ENABLE_FIPS140
+ return GNUTLS_PKCS_USE_PBES2_AES_128;
+#else /* compatibility mode - most implementations don't support AES */
 return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+#endif
 } else if (strcasecmp(cipher, "3des") == 0) {
 return GNUTLS_PKCS_USE_PBES2_3DES;
 } else if (strcasecmp(cipher, "3des-pkcs12") == 0) { |
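Review bot: The `cipher == NULL` branch of cipher_to_flags picks its default at build time through `#ifdef ENABLE_FIPS140`, whereas the commit message speaks of "FIPS mode". As far as this hunk shows, a build with FIPS support compiled in defaults to `GNUTLS_PKCS_USE_PBES2_AES_128` whether or not it is operating in FIPS mode. Every other build keeps the RC4-based `GNUTLS_PKCS_USE_PKCS12_ARCFOUR` default for protecting the private key. I would document that above the branch, for example `/* no cipher given: AES-128 (PBES2) in FIPS-enabled builds, otherwise PKCS#12 ARCFOUR for interoperability only; callers needing stronger protection must name a cipher */`. The function's `else if` chain continues outside the hunk, so the remaining cipher names are not reviewed here.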