As a workaround for https://github.com/PeculiarVentures/PKI.js/issues/287, I had to downgrade the cipher mode from GCM to CBC across the board. This is OK for the current phase of Relaynet, but the lack of authenticated encryption is going to block the eventual General Availability of Relaynet.
As a workaround for https://github.com/PeculiarVentures/PKI.js/issues/287, I had to downgrade the cipher mode from GCM to CBC across the board. This is OK for the current phase of Relaynet, but the lack of authenticated encryption is going to block the eventual General Availability of Relaynet.
Note that the lack of support for AES-GCM is a violation of RS-018: https://specs.relaynet.network/RS-018#symmetric-ciphers
The eventual fix should reinstate support for AES-GCM and make it the default, whilst still supporting AES-CBC for backwards compatibility.
See also: