vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 5 Jun 2019 09:22:53 +0000 (10:22 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 5 Jun 2019 04:07:27 +0000 (05:07 +0100)
Fixes: #12091
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/vpnmain.cgi

index ecf860d85b5ab90ab4036547677f5d4c1b19b59a..4b737b3a8265911fb5581c2906749dc89861f707 100644 (file)
@@ -3331,14 +3331,14 @@ sub make_algos($$$$$) {
                                                push(@algo, "modp$grp");
                                        }
 
-                               } elsif ($mode eq "esp" && $pfs) {
+                               } elsif ($mode eq "esp") {
                                        my $is_aead = ($enc =~ m/[cg]cm/);
 
                                        if (!$is_aead) {
                                                push(@algo, $int);
                                        }
 
-                                       if ($grp eq "none") {
+                                       if ($pfs || $grp eq "none") {
                                                # noop
                                        } elsif ($grp =~ m/^e(.*)$/) {
                                                push(@algo, "ecp$1");
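Review bot: The new guard `if ($pfs || $grp eq "none")` in the ESP branch looks inverted: as written, a true `$pfs` takes the `# noop` path and no DH group is appended, while a false `$pfs` falls through to the `elsif` that pushes `ecp$1`. If `$pfs` means PFS is enabled for the connection, as the name and the commit title suggest, proposals for PFS-enabled tunnels would be generated without a DH group, so child SA rekeys would not perform a fresh key exchange, while tunnels with PFS disabled would now offer one. The guard was probably meant to read `if (!$pfs || $grp eq "none") {`. `make_algos` starts and ends outside this hunk, so how `$pfs` is set cannot be confirmed from here; a short comment above the guard, such as `# ESP proposals carry a DH group only when PFS is enabled`, would make the intent checkable.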