]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - html/cgi-bin/vpnmain.cgi
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vpnmain.cgi: Use integrity functions as PRF for AEAD
[ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 55566d7cfb8ffa9df59c85dd4ab615ce8a162bc3..5c6fd72d7f5c466c56d2aed0cf48490bd07099e1 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3014,20 +3014,22 @@ sub make_algos($$$$$) {
                        foreach my $grp (@$grps) {
                                my @algo = ($enc);
 
-                               my $is_aead = ($enc =~ m/[cg]cm/);
-                               if (!$is_aead) {
+                               if ($mode eq "ike") {
                                        push(@algo, $int);
-                               }
 
-                               if ($mode eq "ike") {
                                        if ($grp =~ m/^e(\d+)/) {
                                                push(@algo, "ecp$1");
                                        } else {
                                                push(@algo, "modp$grp");
                                        }
-                               }
 
-                               if ($mode eq "esp" && $pfs) {
+                               } elsif ($mode eq "esp" && $pfs) {
+                                       my $is_aead = ($enc =~ m/[cg]cm/);
+
+                                       if (!$is_aead) {
+                                               push(@algo, $int);
+                                       }
+
                                        if ($grp =~ m/^e\d+/) {
                                                push(@algo, $grp);
                                        } else {
IPFire 2.x development tree