From fd65de0eb9f645bc3bf71b787ac6aa128d9b2aae Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 19 Apr 2022 12:02:10 -0400 Subject: [PATCH] multicast: Support uftp 5.0 by switching from aes256-cbc to aes256-gcm aes256-gcm is supported by both 4.x and 5.x, while 5.x dropped aes256-cbc. Sponsored-by: Graham Spencer on Patreon --- CHANGELOG | 2 ++ Command/Multicast.hs | 2 +- doc/bugs/uftp_5__58___invalid_key_type.mdwn | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index abc1b32ec8..159b32a835 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,8 @@ git-annex (10.20220323) UNRELEASED; urgency=medium Same for mincopies. * assistant: When annex.autocommit is set, notice commits that the user makes manually, and push them out to remotes promptly. + * multicast: Support uftp 5.0 by switching from aes256-cbc to + aes256-gcm. -- Joey Hess Mon, 28 Mar 2022 14:46:10 -0400 diff --git a/Command/Multicast.hs b/Command/Multicast.hs index 7d059cc194..3d7e726f79 100644 --- a/Command/Multicast.hs +++ b/Command/Multicast.hs @@ -152,7 +152,7 @@ send ups fs = do let ps = -- Force client authentication. [ Param "-c" - , Param "-Y", Param "aes256-cbc" + , Param "-Y", Param "aes256-gcm" , Param "-h", Param "sha512" -- Picked ecdh_ecdsa for perfect forward secrecy, -- and because a EC key exchange algorithm is diff --git a/doc/bugs/uftp_5__58___invalid_key_type.mdwn b/doc/bugs/uftp_5__58___invalid_key_type.mdwn index 8fc49129c3..440c040133 100644 --- a/doc/bugs/uftp_5__58___invalid_key_type.mdwn +++ b/doc/bugs/uftp_5__58___invalid_key_type.mdwn @@ -49,3 +49,7 @@ ok ### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders) Of course! I'm using it to track assets in an infrastructure repository + +> I've changed it to use aes256-gcm. I have not verified if there +> is other breakage from the new version, so file a bug if you find any. +> [[done]] --[[Joey]]