T5027: Enable legacy provider to support current ciphers

* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-02-23 11:07:46 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-02-23 11:07:46 +0000
commit: 3fd4d5b9c595b43dddbb75cf0748450b36a5610a (patch)
tree: e61f82d191ec93b1b33fffeffb954a570c820442
parent: 36dd8914ea4c5018d76e95a04d3a569599ea83a2 (diff)
download: vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.tar.gz
vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 6dd4ef88d..af866f2a6 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -213,6 +213,9 @@ keysize 256
 data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
 {%     endif %}
 {% endif %}
+# https://vyos.dev/T5027
+# Required to support BF-CBC (default ciphername when none given)
+providers legacy default
 
 {% if hash is vyos_defined %}
 auth {{ hash }}
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-02-23 11:07:46 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-02-23 11:07:46 +0000
commit	3fd4d5b9c595b43dddbb75cf0748450b36a5610a (patch)
tree	e61f82d191ec93b1b33fffeffb954a570c820442
parent	36dd8914ea4c5018d76e95a04d3a569599ea83a2 (diff)
download	vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.tar.gz vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.zip