summaryrefslogtreecommitdiff
path: root/data/templates/openvpn
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@baturin.org>2023-10-09 17:30:12 +0100
committerDaniil Baturin <daniil@baturin.org>2023-10-12 01:30:25 +0100
commit941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1 (patch)
treed789396f1f47a1da5b1cfe8dded0cee007409d5e /data/templates/openvpn
parent1280734bc53b84581c8470ccefed6aea2db3183a (diff)
downloadvyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.tar.gz
vyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.zip
openvpn: T5634: Remove support for insecure DES and Blowfish ciphers
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r--data/templates/openvpn/server.conf.j29
1 files changed, 1 insertions, 8 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 2eb9416fe..746155c37 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -205,19 +205,12 @@ tls-server
{% if encryption is vyos_defined %}
{% if encryption.cipher is vyos_defined %}
cipher {{ encryption.cipher | openvpn_cipher }}
-{% if encryption.cipher is vyos_defined('bf128') %}
-keysize 128
-{% elif encryption.cipher is vyos_defined('bf256') %}
-keysize 256
-{% endif %}
{% endif %}
{% if encryption.ncp_ciphers is vyos_defined %}
data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
{% endif %}
{% endif %}
-# https://vyos.dev/T5027
-# Required to support BF-CBC (default ciphername when none given)
-providers legacy default
+providers default
{% if hash is vyos_defined %}
auth {{ hash }}