From e4c66080a8d7e3a329258498b35e8fc55eea5130 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 07 Sep 2015 03:47:16 -0400
Subject: [PATCH] Improved encrypt/decrypt methods with option to choose the cipher_method (#1489719)

---
 config/defaults.inc.php |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/config/defaults.inc.php b/config/defaults.inc.php
index a3b7b53..45d2c7b 100644
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -446,11 +446,16 @@
 // Possible values: sameorigin|deny. Set to false in order to disable sending them
 $config['x_frame_options'] = 'sameorigin';
 
-// this key is used to encrypt the users imap password which is stored
-// in the session record (and the client cookie if remember password is enabled).
-// please provide a string of exactly 24 chars.
+// This key is used for encrypting purposes, like storing of imap password
+// in the session. For historical reasons it's called DES_key, but it's used
+// with any configured cipher_method (see below).
 $config['des_key'] = 'rcmail-!24ByteDESkey*Str';
 
+// Encryption algorithm. You can use any method supported by openssl.
+// Default is set for backward compatibility to DES-EDE3-CBC,
+// but you can choose e.g. AES-256-CBC which we consider a better choice.
+$config['cipher_method'] = 'DES-EDE3-CBC';
+
 // Automatically add this domain to user names for login
 // Only for IMAP servers that require full e-mail addresses for login
 // Specify an array with 'host' => 'domain' values to support multiple hosts

--
Gitblit v1.9.1