Use AES256 for the default encryption algoritm for TLS session tickets
[openssl.git] / ssl / statem / statem_srvr.c
index c8c68dc..60f92e5 100644 (file)
@@ -3048,7 +3048,7 @@ int tls_construct_new_session_ticket(SSL *s)
     } else {
         if (RAND_bytes(iv, 16) <= 0)
             goto err;
-        if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+        if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
                                 tctx->tlsext_tick_aes_key, iv))
             goto err;
         if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,