diff options
author | Martin Schiller <ms@dev.tdt.de> | 2020-05-05 11:05:41 +0200 |
---|---|---|
committer | Martin Schiller <ms@dev.tdt.de> | 2020-05-05 11:05:41 +0200 |
commit | c029f2dc09703d3cfaf13d225904d56a587e61b9 (patch) | |
tree | ff96fd5b206436b15b9dff4d857fb30aa0915766 | |
parent | 318d44fdf51dda4e00ef6d56b091767b6c7d2f25 (diff) |
luci-app-openvpn: update tls_cipher list
Update the list of selectable TLS cipher suites.
The previous list consisted mostly of unsupported ciphers and the IANA
names should be used.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
-rw-r--r-- | applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 97c0cbcc54..04934c8c11 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -679,25 +679,27 @@ local knownParams = { { DynamicList, "tls_cipher", { - "DHE-RSA-AES256-SHA", - "DHE-DSS-AES256-SHA", - "AES256-SHA", - "EDH-RSA-DES-CBC3-SHA", - "EDH-DSS-DES-CBC3-SHA", - "DES-CBC3-SHA", - "DHE-RSA-AES128-SHA", - "DHE-DSS-AES128-SHA", - "AES128-SHA", - "RC4-SHA", - "RC4-MD5", - "EDH-RSA-DES-CBC-SHA", - "EDH-DSS-DES-CBC-SHA", - "DES-CBC-SHA", - "EXP-EDH-RSA-DES-CBC-SHA", - "EXP-EDH-DSS-DES-CBC-SHA", - "EXP-DES-CBC-SHA", - "EXP-RC2-CBC-MD5", - "EXP-RC4-MD5" + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" }, translate("TLS cipher") }, { DynamicList, |