From 45cb83f89c693815421792b99d7c2329ad3bb322 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Wed, 11 Apr 2012 11:20:37 +0200
Subject: [PATCH] Change default shared secret for TLS and DTLS.

We change from "mysecret" to "radsec" as per
draft-ietf-radext-radsec-12.txt section 2.3 (4).
---
 ChangeLog | 6 ++++++
 dtls.c    | 2 +-
 tls.c     | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b984f2a..e1087ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
 2011-12-22 1.6-dev
+	Incompatible changes:
+	- The default shared secret for TLS and DTLS connections change
+	from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12.txt
+	section 2.3 (4).  Please make sure to specify a secret in both
+	client and server blocks to avoid unwanted surprises.
+
 	New features:
 	- Improved F-Ticks logging options.  F-Ticks can now be sent to a
 	separate syslog facility and the VISINST label can now be
diff --git a/dtls.c b/dtls.c
index ed3dca1..19386c4 100644
--- a/dtls.c
+++ b/dtls.c
@@ -46,7 +46,7 @@ void initextradtls();
 
 static const struct protodefs protodefs = {
     "dtls",
-    "mysecret", /* secretdefault */
+    "radsec", /* secretdefault */
     SOCK_DGRAM, /* socktype */
     "2083", /* portdefault */
     REQUEST_RETRY_COUNT, /* retrycountdefault */
diff --git a/tls.c b/tls.c
index ce06a6e..0282d63 100644
--- a/tls.c
+++ b/tls.c
@@ -43,7 +43,7 @@ void tlssetsrcres();
 
 static const struct protodefs protodefs = {
     "tls",
-    "mysecret", /* secretdefault */
+    "radsec", /* secretdefault */
     SOCK_STREAM, /* socktype */
     "2083", /* portdefault */
     0, /* retrycountdefault */
-- 
2.1.4