Support ncp-ciphers
Since OpenVPN 2.4, there are negotiable crypto parameters (NCP). It means you can use a cipher suite like with HTTPS. By default the suite is AES-256-GCM:AES-256-CBC, so that means that since 2.4 is out, everyone using a 2.4 client + server was using AES 256 GCM, regardless of the --cipher option. With this commit, the chosen cipher will be the only cipher in the NCP cipher list, thus fixing this issue.
parent a85c13e4ec
commit 62c89af954
@ -303,22 +303,22 @@ function installQuestions () {
|
|||||||
done
|
done
|
||||||
case $CIPHER_CHOICE in
|
case $CIPHER_CHOICE in
|
||||||
1)
|
1)
|
||||||
CIPHER="cipher AES-128-GCM"
|
CIPHER="AES-128-GCM"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
CIPHER="cipher AES-192-GCM"
|
CIPHER="AES-192-GCM"
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
CIPHER="cipher AES-256-GCM"
|
CIPHER="AES-256-GCM"
|
||||||
;;
|
;;
|
||||||
4)
|
4)
|
||||||
CIPHER="cipher AES-128-CBC"
|
CIPHER="AES-128-CBC"
|
||||||
;;
|
;;
|
||||||
5)
|
5)
|
||||||
CIPHER="cipher AES-192-CBC"
|
CIPHER="AES-192-CBC"
|
||||||
;;
|
;;
|
||||||
6)
|
6)
|
||||||
CIPHER="cipher AES-256-CBC"
|
CIPHER="AES-256-CBC"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
echo ""
|
echo ""
|
||||||
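Review bot: In the case block, CIPHER changes from a complete directive (CIPHER="cipher AES-128-GCM") to a bare cipher name (CIPHER="AES-128-GCM"), so every place that expands $CIPHER now has to supply the keyword itself. The two templates touched by this patch do; check that nothing else in the script still expands $CIPHER as a whole config line, since that would now write a bare cipher name into the file. A short comment above the case stating that CIPHER holds only the cipher name would make the new contract explicit.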
@ -664,7 +664,8 @@ cert $SERVER_NAME.crt
|
|||||||
key $SERVER_NAME.key
|
key $SERVER_NAME.key
|
||||||
tls-auth tls-auth.key 0
|
tls-auth tls-auth.key 0
|
||||||
auth $HMAC_ALG
|
auth $HMAC_ALG
|
||||||
$CIPHER
|
cipher $CIPHER
|
||||||
|
ncp-ciphers $CIPHER
|
||||||
tls-server
|
tls-server
|
||||||
tls-version-min 1.2
|
tls-version-min 1.2
|
||||||
tls-cipher $CC_CIPHER
|
tls-cipher $CC_CIPHER
|
||||||
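Review bot: The added ncp-ciphers $CIPHER line in the server template is written unconditionally, but ncp-ciphers only exists from OpenVPN 2.4 on, and an older server refuses to start on an option it does not recognise. Either guard the line on the installed OpenVPN version or state 2.4 as the minimum version the script supports. A comment next to the line explaining that it pins the negotiated cipher to the chosen one would also help, since cipher and ncp-ciphers carrying the same value otherwise looks redundant.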
@ -792,7 +793,7 @@ remote-cert-tls server
|
|||||||
verify-x509-name $SERVER_NAME name
|
verify-x509-name $SERVER_NAME name
|
||||||
auth $HMAC_ALG
|
auth $HMAC_ALG
|
||||||
auth-nocache
|
auth-nocache
|
||||||
$CIPHER
|
cipher $CIPHER
|
||||||
tls-client
|
tls-client
|
||||||
tls-version-min 1.2
|
tls-version-min 1.2
|
||||||
tls-cipher $CC_CIPHER
|
tls-cipher $CC_CIPHER
|
||||||
|
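Review bot: The client template gets cipher $CIPHER but no ncp-ciphers line, unlike the server template, so the client keeps its default NCP list and the single-cipher restriction rests on the server alone. If that is intended, say so in the commit message or in a comment; otherwise add ncp-ciphers $CIPHER here as well so both ends are pinned to the chosen cipher.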