From 387f9bb2f8f11af872f6f78f4b12d7cd20ea8c58 Mon Sep 17 00:00:00 2001
From: vindenesen
Date: Thu, 26 Sep 2019 15:33:27 +0200
Subject: [OpenVPN]: T1688: Added aes-gcm encryptions
---
 src/conf_mode/interface-openvpn.py | 6 ++++++
 1 file changed, 6 insertions(+) (limited to 'src/conf_mode/interface-openvpn.py')
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index a988e1ab1..d00671a85 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -207,10 +207,16 @@ keysize 128
 {%- elif 'bf256' in encryption %}
 cipher bf-cbc
 keysize 25
+{%- elif 'aes128gcm' in encryption %}
+cipher aes-128-gcm
 {%- elif 'aes128' in encryption %}
 cipher aes-128-cbc
+{%- elif 'aes192gcm' in encryption %}
+cipher aes-192-gcm
 {%- elif 'aes192' in encryption %}
 cipher aes-192-cbc
+{%- elif 'aes256gcm' in encryption %}
+cipher aes-256-gcm
 {%- elif 'aes256' in encryption %}
 cipher aes-256-cbc
 {% endif %}
-- cgit v1.2.3
From 9a4f89ad6752d9ad859ae124c97e3e4657f81aad Mon Sep 17 00:00:00 2001
From: vindenesen
Date: Mon, 30 Sep 2019 20:12:06 +0200
Subject: [OpenVPN]: T1688: Added check to see if encryption gcm is used in combination with shared-secret-key-file, which is not supported (OpenVPN throws error message)
---
 src/conf_mode/interface-openvpn.py | 3 +++
 1 file changed, 3 insertions(+) (limited to 'src/conf_mode/interface-openvpn.py')
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index d00671a85..5345bf7a2 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
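Review bot: The three GCM branches added in the cipher template (hunk `@@ -207,10 +207,16 @@`) are correct only because each sits above its CBC sibling: the chain tests by substring, and `'aes128' in encryption` is also true for `aes128gcm`, so a later reorder would silently emit the CBC cipher for a GCM setting. If `encryption` is the plain string that verify() compares, an exact test such as `{%- elif encryption == 'aes128gcm' %}` removes the ordering dependency; otherwise a template comment like `{#- gcm branches must precede their cbc siblings: these are substring tests -#}` should record it. The context line `keysize 25` under `bf256` looks like a truncated 256 and is worth confirming while this block is being touched. The if/elif chain starts above the hunk, so its earlier branches are not visible here.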
@@ -735,6 +735,9 @@ def verify(openvpn):
 # TLS/encryption
 #
 if openvpn['shared_secret_file']:
+ if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:
+ raise ConfigError('GCM encryption with shared-secret-key-file is not supported')
+
 if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
 raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
-- cgit v1.2.3
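Review bot: The new guard in verify() hard-codes `['aes128gcm', 'aes192gcm', 'aes256gcm']`, a second copy of the names the config template already enumerates, so a GCM option added later would pass verify() and fail only when OpenVPN starts. A one-line comment stating the reason would help the next maintainer, e.g. `# AEAD (GCM) ciphers need TLS mode; OpenVPN rejects them with a static key`. The message could also name the offending value the way the neighbouring error does: `raise ConfigError('encryption "{}" is not supported with shared-secret-key-file'.format(openvpn['encryption']))`. verify() begins and continues outside this hunk, so whether `encryption` can be unset at this point is not visible.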