OpenVPN: Use SHA512 by default

This will break compatibility with old clients like
Windows XP, but these are too old now to be supported.

SHA1 is considered to be weak and should not be used any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 037894d50bf941d870e55e311932a71c04dbf94b..618dfc1af6d47de66988a4b648655ec777710626 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2631,7 +2631,7 @@ ADV_ERROR:
                $cgiparams{'PMTU_DISCOVERY'} = 'off';
     }
     if ($cgiparams{'DAUTH'} eq '') {
-               $cgiparams{'DAUTH'} = 'SHA1';
+               $cgiparams{'DAUTH'} = 'SHA512';
     }
     if ($cgiparams{'TLSAUTH'} eq '') {
                $cgiparams{'TLSAUTH'} = 'off';
@@ -4454,7 +4454,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
         $cgiparams{'MSSFIX'} = 'on';
         $cgiparams{'FRAGMENT'} = '1300';
        $cgiparams{'PMTU_DISCOVERY'} = 'off';
-       $cgiparams{'DAUTH'} = 'SHA1';
+       $cgiparams{'DAUTH'} = 'SHA512';
 ###
 # m.a.d n2n end
 ###    
@@ -5037,7 +5037,7 @@ END
                $cgiparams{'MSSFIX'} = 'off';
     }
        if ($cgiparams{'DAUTH'} eq '') {
-               $cgiparams{'DAUTH'} = 'SHA1';
+               $cgiparams{'DAUTH'} = 'SHA512';
     }
     if ($cgiparams{'DOVPN_SUBNET'} eq '') {
                $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';