openvpn: T5487: Remove deprecated option --cipher for server and client mode

author: Nataliia Solomko <natalirs1985@gmail.com> 2024-06-11 18:04:18 +0300
committer: Nataliia Solomko <natalirs1985@gmail.com> 2024-07-03 16:10:50 +0300
commit: 854f9f8c27e5bc07cffa41a0d3e39ff293ba024c (patch)
tree: f91f23e3feb5b586179a9de69eea39ea1cfc0a77 /src/conf_mode
parent: 82607438d6df5291c581d802c7a2a98eabe084ff (diff)
download: vyos-1x-854f9f8c27e5bc07cffa41a0d3e39ff293ba024c.tar.gz
vyos-1x-854f9f8c27e5bc07cffa41a0d3e39ff293ba024c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 627cc90ba..017010a61 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -515,6 +515,10 @@ def verify(openvpn):
                 print('Warning: using dh-params and EC keys simultaneously will ' \
                       'lead to DH ciphers being used instead of ECDH')
 
+        if dict_search('encryption.cipher', openvpn):
+            raise ConfigError('"encryption cipher" option is deprecated for TLS mode. '
+                              'Use "encryption ncp-ciphers" instead')
+
     if dict_search('encryption.cipher', openvpn) == 'none':
         print('Warning: "encryption none" was specified!')
         print('No encryption will be performed and data is transmitted in ' \
author	Nataliia Solomko <natalirs1985@gmail.com>	2024-06-11 18:04:18 +0300
committer	Nataliia Solomko <natalirs1985@gmail.com>	2024-07-03 16:10:50 +0300
commit	854f9f8c27e5bc07cffa41a0d3e39ff293ba024c (patch)
tree	f91f23e3feb5b586179a9de69eea39ea1cfc0a77 /src/conf_mode
parent	82607438d6df5291c581d802c7a2a98eabe084ff (diff)
download	vyos-1x-854f9f8c27e5bc07cffa41a0d3e39ff293ba024c.tar.gz vyos-1x-854f9f8c27e5bc07cffa41a0d3e39ff293ba024c.zip