diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-02-23 11:07:46 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-02-23 11:07:46 +0000 |
commit | 3fd4d5b9c595b43dddbb75cf0748450b36a5610a (patch) | |
tree | e61f82d191ec93b1b33fffeffb954a570c820442 | |
parent | 36dd8914ea4c5018d76e95a04d3a569599ea83a2 (diff) | |
download | vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.tar.gz vyos-1x-3fd4d5b9c595b43dddbb75cf0748450b36a5610a.zip |
T5027: Enable legacy provider to support current ciphers
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
-rw-r--r-- | data/templates/openvpn/server.conf.j2 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2 index 6dd4ef88d..af866f2a6 100644 --- a/data/templates/openvpn/server.conf.j2 +++ b/data/templates/openvpn/server.conf.j2 @@ -213,6 +213,9 @@ keysize 256 data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }} {% endif %} {% endif %} +# https://vyos.dev/T5027 +# Required to support BF-CBC (default ciphername when none given) +providers legacy default {% if hash is vyos_defined %} auth {{ hash }} |