author | Alex W <embezzle.dev@proton.me> | 2024-04-29 20:53:51 +0100 |
committer | Alex W <embezzle.dev@proton.me> | 2024-04-29 20:53:51 +0100 |
commit | 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5 (patch) | |
tree | 60d235ab78dfe2e3bd22f0ba417c7e1506ceb0ef /data | |
parent | aa15f74818ca2cb35696315cc5cb0c57335f6911 (diff) | |
download | vyos-1x-9ff74d4370f0a5f66c303074796dab8b1ca5c4a5.tar.gz vyos-1x-9ff74d4370f0a5f66c303074796dab8b1ca5c4a5.zip |
openconnect: T4982: Support defining minimum TLS version in openconnect VPN
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index b5e890c32..81f777031 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -61,7 +61,15 @@ keepalive = 300
 dpd = 60
 mobile-dpd = 300
 switch-to-tcp-timeout = 30
+{% if tls_version_min == '1.0' %}
 tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+{% elif tls_version_min == '1.1' %}
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0"
+{% elif tls_version_min == '1.2' %}
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1"
+{% elif tls_version_min == '1.3' %}
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2"
+{% endif %}
 auth-timeout = 240
 idle-timeout = 1200
 mobile-idle-timeout = 1800
|
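Review bot: The previously unconditional `tls-priorities` line is now only emitted when `tls_version_min` is exactly one of '1.0', '1.1', '1.2' or '1.3'; if the variable is undefined or carries any other value, no `tls-priorities` line is written at all and ocserv silently falls back to its compiled-in priority string, which is a change in TLS hardening the commit does not intend. Unless the interface definition guarantees a default (not visible here), make the 1.0 string the fallback: turn the first `{% if tls_version_min == '1.0' %}` branch into an `{% else %}` branch placed before `{% endif %}`, with the '1.1'/'1.2'/'1.3' branches ahead of it. The four string literals repeat the same base; a comment above the block such as `{# minimum TLS version: each step removes one more VERS-TLS* keyword; DTLS versions (VERS-DTLS*) are governed separately and are not restricted here #}` would tell the next maintainer why the strings differ and that the `tls_version_min` setting does not narrow the DTLS data channel. The surrounding ocserv config keys continue outside the hunk.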