"CHACHA20-POLY1305",
);
+my @LEGACY_CIPHERS = (
+ "BF-CBC",
+ "CAST5-CBC",
+ "DES-CBC",
+ "DESX-CBC",
+ "SEED-CBC",
+);
+
my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
# Translations for the cipher selection
return 0;
}
+sub is_legacy_cipher($) {
+ my $cipher = shift;
+
+ foreach my $c (@LEGACY_CIPHERS) {
+ return 1 if ($cipher eq $c);
+ }
+
+ return 0;
+}
+
sub cleanssldatabase() {
if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
print FILE "01";
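Review bot: The `($)` prototype on `is_legacy_cipher` has no effect, because the only caller visible in this change uses `&is_legacy_cipher(...)` and the `&` form bypasses prototypes; `sub is_legacy_cipher {` would describe what actually happens. The `eq` comparison is case-sensitive, so if the settings file can ever hold a differently cased cipher name, the match fails and the provider is never requested; `return 1 if (uc($cipher) eq $c);` would cover that. A comment above the sub, such as `# Returns 1 if the cipher is only provided by the OpenSSL legacy provider`, would tell the next maintainer what qualifies an entry for `@LEGACY_CIPHERS`.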
sub writeserverconf {
my %sovpnsettings = ();
+ # Do we require the OpenSSL Legacy Provider?
+ my $requires_legacy_provider = 0;
+
&General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
&read_routepushfile(\%sovpnsettings);
# Enable fallback cipher?
if ($sovpnsettings{'DCIPHER'} ne '') {
+ if (&is_legacy_cipher($sovpnsettings{'DCIPHER'})) {
+ $requires_legacy_provider++;
+ }
+
print CONF "data-ciphers-fallback $sovpnsettings{'DCIPHER'}\n";
}
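Review bot: Selecting a legacy fallback cipher here silently sets the flag that later writes `providers legacy default`, and nothing in the generated file records why. That directive loads the legacy provider for the whole OpenVPN process, not just the one cipher chosen. Consider writing a marker inside the new branch, e.g. `print CONF "# fallback cipher $sovpnsettings{'DCIPHER'} requires the OpenSSL legacy provider\n";`, so an administrator auditing the server configuration can see the cause and knows which setting to change to drop it. Only `DCIPHER` is tested; whether other algorithm settings, or the client configurations generated elsewhere, need the same handling cannot be told from this hunk and is worth confirming. `writeserverconf` begins and ends outside the lines shown.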
print CONF "management /var/run/openvpn.sock unix\n";
print CONF "management-client-auth\n";
+ # Enable the legacy provider
+ if ($requires_legacy_provider > 0) {
+ print CONF "providers legacy default\n";
+ }
+
close(CONF);
# Rewrite all CCD configurations