Set default algo to SHA256

Like we were supposed to do three versions ago

Set default algo to SHA256
Like we were supposed to do three versions ago
b4c6200c · Tim van Dijen · GitHub · e2eebd8e · b4c6200c
Unverified Commit b4c6200c authored 5 years ago by Tim van Dijen Committed by GitHub 5 years ago
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -34,16 +34,14 @@ class TimeLimitedToken
    /**
     * Create a new time-limited token.
     *
-     * Please note that the default algorithm will change in SSP 1.15.0 to SHA-256 instead of SHA-1.
-     *
     * @param int $lifetime Token lifetime in seconds. Defaults to 900 (15 min).
     * @param string $secretSalt A random and unique salt per installation. Defaults to the salt in the configuration.
     * @param int $skew The allowed time skew (in seconds) to correct clock deviations. Defaults to 1 second.
-     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-1.
+     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-256.
     *
     * @throws \InvalidArgumentException if the given parameters are invalid.
     */
-    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha1')
+    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha256')
    {
        if ($secretSalt === null) {
            $secretSalt = Utils\Config::getSecretSalt();