Enable the SPTPS protocol by default.

Guus Sliepen 2013-05-10 21:11:45 +02:00
parent ee34ac3d61
commit c83c2d080f
4 changed files with 7 additions and 9 deletions


@ -274,14 +274,12 @@ The file in which the private ECDSA key of this tinc daemon resides.
This is only used if This is only used if
.Va ExperimentalProtocol .Va ExperimentalProtocol
is enabled. is enabled.
.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental .It Va ExperimentalProtocol Li = yes | no Pq yes
When this option is enabled, experimental protocol enhancements will be used. When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges, Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication. and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with When enabled, an ECDSA key must have been generated before with
.Nm tinc generate-ecdsa-keys . .Nm tinc generate-ecdsa-keys .
The experimental protocol may change at any time,
and there is no guarantee that tinc will run stable when it is used.
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
This option selects the way indirect packets are forwarded. This option selects the way indirect packets are forwarded.
.Bl -tag -width indent .Bl -tag -width indent
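Review bot: The rewritten description of `ExperimentalProtocol` (the line ending in `Pq yes`) says SPTPS is used "when connecting to nodes that also support it", but it never says what happens with a node that does not. Now that this is the default, the text should state which protocol is used for such nodes, and whether a connection to a node that does support SPTPS can still end up on the RSA-based one, so operators know whether they have to act to prevent a downgrade. The option also keeps the name `ExperimentalProtocol` while the `Bq experimental` tag and the stability caveat are dropped; a sentence explaining that the name is historical would avoid confusion.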


@ -1002,14 +1002,12 @@ The file in which the private ECDSA key of this tinc daemon resides.
This is only used if ExperimentalProtocol is enabled. This is only used if ExperimentalProtocol is enabled.
@cindex ExperimentalProtocol @cindex ExperimentalProtocol
@item ExperimentalProtocol = <yes|no> (no) [experimental] @item ExperimentalProtocol = <yes|no> (yes)
When this option is enabled, experimental protocol enhancements will be used. When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges, Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication. and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with When enabled, an ECDSA key must have been generated before with
@samp{tinc generate-ecdsa-keys}. @samp{tinc generate-ecdsa-keys}.
The experimental protocol may change at any time,
and there is no guarantee that tinc will run stable when it is used.
@cindex Forwarding @cindex Forwarding
@item Forwarding = <off|internal|kernel> (internal) [experimental] @item Forwarding = <off|internal|kernel> (internal) [experimental]
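Review bot: With the default now `(yes)`, the sentence "When enabled, an ECDSA key must have been generated before with `tinc generate-ecdsa-keys`" applies to every node that does not set the option, yet it still reads as an opt-in instruction. Suggest saying what the daemon does when the key is missing, and that existing setups must either generate the key or set `ExperimentalProtocol = no`. The context line "This is only used if ExperimentalProtocol is enabled" could likewise mention that this is now the default case.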


@ -192,6 +192,8 @@ static bool read_ecdsa_private_key(void) {
if(!fp) { if(!fp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
if(errno == ENOENT)
logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
free(fname); free(fname);
return false; return false;
} }
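Review bot: The added `if(errno == ENOENT)` test reads `errno` after the preceding `logger(...)` call has already run, and that call is free to change `errno`, so the hint may be skipped or shown for the wrong error. Save the value in a local right after the `!fp` check and use it for both `strerror()` and the comparison. Two smaller points on the added `logger` line: `netname ?: "."` relies on the GNU `?:` extension and, when `netname` is unset, prints a command containing `-n .`, which is not obvious to a user; printing the command without `-n` in that case would be clearer. The `if` body is also unbraced, unlike the enclosing `if(!fp) {` block.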


@ -30,7 +30,7 @@
bool tunnelserver = false; bool tunnelserver = false;
bool strictsubnets = false; bool strictsubnets = false;
bool experimental = false; bool experimental = true;
/* Jumptable for the request handlers */ /* Jumptable for the request handlers */
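Review bot: `bool experimental = true;` now switches SPTPS on for every configuration that does not set `ExperimentalProtocol`, but nothing at the declaration says that this initializer is the option's default or that it has to match the `(yes)` in the documentation. Add a short comment to that effect. The variable is still called `experimental` although the documentation hunks drop the experimental label, so a rename in a follow-up would keep the code and the docs consistent.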