From b4c6200c3edf7f4621d834264abf87d100b63b64 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tim.dijen@minbzk.nl>
Date: Sun, 11 Aug 2019 22:14:08 +0200
Subject: [PATCH] Set default algo to SHA256

Like we were supposed to do three versions ago
---
 lib/SimpleSAML/Auth/TimeLimitedToken.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index ec6ac4c2c..fcca0b0ac 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -34,16 +34,14 @@ class TimeLimitedToken
     /**
      * Create a new time-limited token.
      *
-     * Please note that the default algorithm will change in SSP 1.15.0 to SHA-256 instead of SHA-1.
-     *
      * @param int $lifetime Token lifetime in seconds. Defaults to 900 (15 min).
      * @param string $secretSalt A random and unique salt per installation. Defaults to the salt in the configuration.
      * @param int $skew The allowed time skew (in seconds) to correct clock deviations. Defaults to 1 second.
-     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-1.
+     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-256.
      *
      * @throws \InvalidArgumentException if the given parameters are invalid.
      */
-    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha1')
+    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha256')
     {
         if ($secretSalt === null) {
             $secretSalt = Utils\Config::getSecretSalt();
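Review bot: The new `'sha256'` default on `__construct` changes the token value for every caller that relies on the default, and with the SSP 1.15.0 notice removed the docblock no longer records that the default ever changed. Tokens issued under the old SHA-1 default just before an upgrade, or by a node still on the old code during a rolling deploy, will presumably fail validation because generator and validator must agree on `$algo`; the validation code is outside this hunk, so confirm. I would keep one line in the docblock, e.g. `* Note: the default changed from SHA-1 to SHA-256; tokens created with the old default only validate when 'sha1' is passed explicitly.`, and repeat it in the upgrade notes. Callers that still pass `'sha1'` explicitly are untouched by this commit and are worth auditing separately. The constructor body continues past the end of the hunk.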
-- 
GitLab