-[devcrypto]
+[devcrypto_sect]
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
default_algorithms = ALL
# It is recommended to disable the ECB ciphers; in most cases, it will
# only be used for PRNG, in small blocks, where performance is poor,
# and there may be problems with apps forking with open crypto
-# contexts, leading to failures. The CBC ciphers work well:
-#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
+# contexts, leading to failures. The CBC ciphers work well.
+CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, \
+ AES-128-CTR, AES-192-CTR, AES-256-CTR
# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
# enable [default=NONE]
# is poor, and there are many cases in which they will not work,
# especially when calling fork with open crypto contexts. Openssh,
# for example, does this, and you may not be able to login.
-#DIGESTS = NONE
-
+# Sysupgrade will fail as well. If you're adventurous enough to change
+# this, you should change it back to NONE, and reboot before running
+# sysupgrade!
+DIGESTS = NONE