summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-02-23 11:07:46 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-02-23 11:07:46 +0000
commit3fd4d5b9c595b43dddbb75cf0748450b36a5610a (patch)
treee61f82d191ec93b1b33fffeffb954a570c820442
parent36dd8914ea4c5018d76e95a04d3a569599ea83a2 (diff)
downloadvyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.tar.gz
vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.zip
T5027: Enable legacy provider to support current ciphers
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
-rw-r--r--data/templates/openvpn/server.conf.j23
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 6dd4ef88d..af866f2a6 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -213,6 +213,9 @@ keysize 256
data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
{% endif %}
{% endif %}
+# https://vyos.dev/T5027
+# Required to support BF-CBC (default ciphername when none given)
+providers legacy default
{% if hash is vyos_defined %}
auth {{ hash }}