advanced crypto restricted by server role

2016-11-30 16:36:33 -08:00 · 2016-11-30 16:36:33 -08:00 · c845eed114
commit c845eed114
parent 5b09829959
2 changed files with 6 additions and 0 deletions
--- a/include/crypto.php
+++ b/include/crypto.php
@ -138,6 +138,9 @@ function other_encapsulate($data,$pubkey,$alg) {

 function crypto_methods() {

+	if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
+		return [ 'aes256cbc' ];
+
 	// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. 
 	// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. 
 	// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
--- a/include/zot.php
+++ b/include/zot.php
@ -166,6 +166,9 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot

 function zot_best_algorithm($methods) {

+	if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
+		return 'aes256cbc';
+
 	if($methods) {
 		$x = explode(',',$methods);
 		if($x) {