From 4f2239868af340ec436146223adcd2a5c51c3a34 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Tue, 3 Feb 2015 15:39:08 -0800 Subject: [PATCH] Change the smime_encrypt_with default to aes256. Openssl supports -aes256 at least since 2004, and it's a stronger algorithm than des3. Also: - Remove the incorrect documentation comment about defaulting to 3des if unset. - Change the default set in contrib/smime.rc. --- contrib/smime.rc | 2 +- init.h | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/contrib/smime.rc b/contrib/smime.rc index f87459237..a355e5b4e 100644 --- a/contrib/smime.rc +++ b/contrib/smime.rc @@ -60,7 +60,7 @@ set smime_import_cert_command="smime_keys add_cert %f" # Algorithm to use for encryption. # valid choices are aes128, aes192, aes256, rc2-40, rc2-64, rc2-128, des, des3 -set smime_encrypt_with="des3" +set smime_encrypt_with="aes256" # Encrypt a message. Input file is a MIME entity. set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c" diff --git a/init.h b/init.h index 2e50eed49..8453c76b1 100644 --- a/init.h +++ b/init.h @@ -2687,12 +2687,11 @@ struct option_t MuttVars[] = { ** possible \fCprintf(3)\fP-like sequences. ** (S/MIME only) */ - { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, 0 }, + { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, UL "aes256" }, /* ** .pp ** This sets the algorithm that should be used for encryption. ** Valid choices are ``aes128'', ``aes192'', ``aes256'', ``des'', ``des3'', ``rc2-40'', ``rc2-64'', ``rc2-128''. - ** If \fIunset\fP, ``3des'' (TripleDES) is used. ** (S/MIME only) */ { "smime_get_cert_command", DT_STR, R_NONE, UL &SmimeGetCertCommand, 0}, -- 2.40.0