print CONF "ncp-disable\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ # Set TLSv2 as minimum
+ print CONF "tls-version-min 1.2\n";
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
undef $vpnsettings{'ROUTES_PUSH'};
&write_routepushfile;
}
- if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
+ if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
$errormessage = $Lang::tr{'invalid input for max clients'};
goto ADV_ERROR;
}
print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print SERVERCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\n";
print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print CLIENTCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\n";