firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-02-02 09:20:39 +01:00
Code Issues

Add chacha to default config and use it when available. Clients, missing required plugin, will continue using rc4.

Browse Source
This commit is contained in:
AlexPeshkoff 2020-01-20 19:19:48 +03:00
parent d24b4c96bd
commit d8be3d534f
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
builds/install/misc/firebird.conf
View File

@ -446,8 +446,8 @@
#AuthClient = Srp256, Srp, Legacy_Auth #Non Windows clients
#AuthClient = Srp256, Srp, Win_Sspi, Legacy_Auth #Windows clients
#
# If you need to use server plugins that do not provide encryption key (both Legacy_Auth
# & Win_Sspi) you should also turn off required encryption on the wire with WireCrypt
# If you need to use server plugins that do not provide encryption key (Legacy_Auth is the
# only such std plugin) you should also turn off required encryption on the wire with WireCrypt
# configuration parameter except when working with the XNET protocol which is never encrypted.
#
@ -466,12 +466,14 @@
#TracePlugin = fbtrace
# Wire crypt plugins are used to crypt data transferred over the wire.
# In default case wire is encrypted using Alleged RC4
# (key must be generated by auth plugin).
# In default case wire is encrypted using ChaCha#20 or Alleged RC4.
# Key must be generated by auth plugin.
# For chacha we are using 16 or 32 bytes key (depends upon what is provided
# by auth plugin), 12 bytes nonce and 4 bytes counter, 20 (10 + 10) rounds are made.
#
# Per-connection configurable.
#
#WireCryptPlugin = Arc4
#WireCryptPlugin = ChaCha, Arc4
# Key holder is a kind of temp storage for DB crypt keys.
# There is no default for this kind of plugins.

2
src/common/config/config.cpp
View File

@ -204,7 +204,7 @@ const Config::ConfigEntry Config::entries[MAX_CONFIG_KEY] =
{TYPE_STRING, "SecurityDatabase", (ConfigValue) "security.db"}, // sec/db alias - rely on databases.conf
{TYPE_STRING, "ServerMode", (ConfigValue) ""}, // actual value differs in boot/regular cases
{TYPE_STRING, "WireCrypt", (ConfigValue) NULL},
{TYPE_STRING, "WireCryptPlugin", (ConfigValue) "Arc4"},
{TYPE_STRING, "WireCryptPlugin", (ConfigValue) "ChaCha, Arc4"},
{TYPE_STRING, "KeyHolderPlugin", (ConfigValue) ""},
{TYPE_BOOLEAN, "RemoteAccess", (ConfigValue) true},
{TYPE_BOOLEAN, "IPv6V6Only", (ConfigValue) false},