Use AES256 for the default encryption algoritm for TLS session tickets This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153

commit: 05df5c2036f1244fe3df70de7d8079a5d86b999d [log] [tgz]
author: TJ Saunders <tj@castaglia.org> Sat Feb 27 19:37:34 2016 +0100
committer: Kurt Roeckx <kurt@roeckx.be> Mon May 16 20:43:06 2016 +0200
tree: 9959181da96969dc55fde2777fc9c223f6f6988d
parent: 4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 996a132..ef8d0ae 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -3137,7 +3137,7 @@
         if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
                          sizeof(tctx->tlsext_tick_hmac_key),
                          EVP_sha256(), NULL) <= 0
-                || EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+                || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
                                       tctx->tlsext_tick_aes_key,
                                       etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
             goto err;
commit	05df5c2036f1244fe3df70de7d8079a5d86b999d	[log] [tgz]
author	TJ Saunders <tj@castaglia.org>	Sat Feb 27 19:37:34 2016 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	Mon May 16 20:43:06 2016 +0200
tree	9959181da96969dc55fde2777fc9c223f6f6988d
parent	4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 [diff] [blame]