From ed5c6e894e920908f63dd4752615a9a87ac0b99b Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 9 Jan 2015 22:08:27 -0600
Subject: Default to only AES and SHA1 for new P2s.

---
 usr/local/www/vpn_ipsec_phase2.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local')

diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index bbf273a..6f07408 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -105,8 +105,8 @@ else
 	$pconfig['localid_type'] = "lan";
 	$pconfig['remoteid_type'] = "network";
 	$pconfig['proto'] = "esp";
-	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
-	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
+	$pconfig['ealgos'] = explode(",", "aes");
+	$pconfig['halgos'] = explode(",", "hmac_sha1");
 	$pconfig['pfsgroup'] = "0";
 	$pconfig['lifetime'] = "3600";
 	$pconfig['uniqid'] = uniqid();
-- 
cgit v1.1