From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 5 Jun 2019 09:22:53 +0000 (+0100)
Subject: vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66bca544a7c389a5f0f807b90891a2c230311bf5;p=people%2Fms%2Fipfire-2.x.git

vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled

Fixes: #12091
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index ecf860d85b..4b737b3a82 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3331,14 +3331,14 @@ sub make_algos($$$$$) {
 						push(@algo, "modp$grp");
 					}
 
-				} elsif ($mode eq "esp" && $pfs) {
+				} elsif ($mode eq "esp") {
 					my $is_aead = ($enc =~ m/[cg]cm/);
 
 					if (!$is_aead) {
 						push(@algo, $int);
 					}
 
-					if ($grp eq "none") {
+					if ($pfs || $grp eq "none") {
 						# noop
 					} elsif ($grp =~ m/^e(.*)$/) {
 						push(@algo, "ecp$1");