summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMartin Schiller <ms@dev.tdt.de>2020-05-05 11:05:41 +0200
committerMartin Schiller <ms@dev.tdt.de>2020-05-05 11:05:41 +0200
commitc029f2dc09703d3cfaf13d225904d56a587e61b9 (patch)
treeff96fd5b206436b15b9dff4d857fb30aa0915766
parent318d44fdf51dda4e00ef6d56b091767b6c7d2f25 (diff)
luci-app-openvpn: update tls_cipher list
Update the list of selectable TLS cipher suites. The previous list consisted mostly of unsupported ciphers and the IANA names should be used. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua40
1 files changed, 21 insertions, 19 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 97c0cbcc54..04934c8c11 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -679,25 +679,27 @@ local knownParams = {
{ DynamicList,
"tls_cipher",
{
- "DHE-RSA-AES256-SHA",
- "DHE-DSS-AES256-SHA",
- "AES256-SHA",
- "EDH-RSA-DES-CBC3-SHA",
- "EDH-DSS-DES-CBC3-SHA",
- "DES-CBC3-SHA",
- "DHE-RSA-AES128-SHA",
- "DHE-DSS-AES128-SHA",
- "AES128-SHA",
- "RC4-SHA",
- "RC4-MD5",
- "EDH-RSA-DES-CBC-SHA",
- "EDH-DSS-DES-CBC-SHA",
- "DES-CBC-SHA",
- "EXP-EDH-RSA-DES-CBC-SHA",
- "EXP-EDH-DSS-DES-CBC-SHA",
- "EXP-DES-CBC-SHA",
- "EXP-RC2-CBC-MD5",
- "EXP-RC4-MD5"
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"
},
translate("TLS cipher") },
{ DynamicList,