summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorJohn Estabrook <jestabro@vyos.io>2023-10-11 19:43:52 -0500
committerGitHub <noreply@github.com>2023-10-11 19:43:52 -0500
commit526f19eaf7953ff96e6b92c798aa7b3df42a7472 (patch)
treeac4a4b043de6bf81662d706705f6c30eb30c22aa /data/templates
parentf51c3b07daf21c261306cf41d7d1f3dfd473b0fb (diff)
parent941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1 (diff)
downloadvyos-1x-526f19eaf7953ff96e6b92c798aa7b3df42a7472.tar.gz
vyos-1x-526f19eaf7953ff96e6b92c798aa7b3df42a7472.zip
Merge pull request #2353 from dmbaturin/T5634-no-more-blowfish
openvpn: T5634: Remove support for insecure DES and Blowfish ciphers
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/openvpn/server.conf.j29
1 files changed, 1 insertions, 8 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 2eb9416fe..746155c37 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -205,19 +205,12 @@ tls-server
{% if encryption is vyos_defined %}
{% if encryption.cipher is vyos_defined %}
cipher {{ encryption.cipher | openvpn_cipher }}
-{% if encryption.cipher is vyos_defined('bf128') %}
-keysize 128
-{% elif encryption.cipher is vyos_defined('bf256') %}
-keysize 256
-{% endif %}
{% endif %}
{% if encryption.ncp_ciphers is vyos_defined %}
data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
{% endif %}
{% endif %}
-# https://vyos.dev/T5027
-# Required to support BF-CBC (default ciphername when none given)
-providers legacy default
+providers default
{% if hash is vyos_defined %}
auth {{ hash }}