From: Sam Hartman <hartmans@mit.edu>
Date: Fri, 6 Feb 2004 21:12:21 +0000 (+0000)
Subject: Enable aes128-cts for client
X-Git-Tag: krb5-1.4-beta1~640
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c43ae538a21d25f82b4fc732cd0d3ffb9dd2ae25;p=krb5.git

Enable aes128-cts for client

Currently we support aes128-cts but do not enable it by default.  It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.

Ticket: new
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index f7b8d2259..28bfafd39 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,7 @@
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+	* init_ctx.c (DEFAULT_ETYPE_LIST): Include aes128-cts
+
 2003-12-19  Ken Raeburn  <raeburn@mit.edu>
 
 	* get_in_tkt.c (get_in_tkt_enctypes): Now const.
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 7ff983cf7..2740d8361 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -66,6 +66,7 @@
    des-crc for now.  */
 #define DEFAULT_ETYPE_LIST	\
 	"aes256-cts-hmac-sha1-96 " \
+	"aes128-cts-hmac-sha1-96 " \
 	"des3-cbc-sha1 arcfour-hmac-md5 " \
 	"des-cbc-crc des-cbc-md5 des-cbc-md4 "