openvpn: T5634: Remove support for insecure DES and Blowfish ciphers

author: Daniil Baturin <daniil@baturin.org> 2023-10-09 17:30:12 +0100
committer: Daniil Baturin <daniil@baturin.org> 2023-10-12 01:30:25 +0100
commit: 941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1 (patch)
tree: d789396f1f47a1da5b1cfe8dded0cee007409d5e /interface-definitions
parent: 1280734bc53b84581c8470ccefed6aea2db3183a (diff)
download: vyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.tar.gz
vyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.zip
3 files changed, 8 insertions, 20 deletions
diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i
new file mode 100644
index 000000000..f2f60dcd6
--- /dev/null
+++ b/interface-definitions/include/version/openvpn-version.xml.i
@@ -0,0 +1,3 @@
+!-- include start from include/version/openvpn-version.xml.i -->
+<syntaxVersion component='openvpn' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 831659250..b8b04334c 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -48,29 +48,17 @@
                 <properties>
                   <help>Standard Data Encryption Algorithm</help>
                   <completionHelp>
-                    <list>none des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+                    <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
                   </completionHelp>
                   <valueHelp>
                     <format>none</format>
                     <description>Disable encryption</description>
                   </valueHelp>
                   <valueHelp>
-                    <format>des</format>
-                    <description>DES algorithm</description>
-                  </valueHelp>
-                  <valueHelp>
                     <format>3des</format>
                     <description>DES algorithm with triple encryption</description>
                   </valueHelp>
                   <valueHelp>
-                    <format>bf128</format>
-                    <description>Blowfish algorithm with 128-bit key</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>bf256</format>
-                    <description>Blowfish algorithm with 256-bit key</description>
-                  </valueHelp>
-                  <valueHelp>
                     <format>aes128</format>
                     <description>AES algorithm with 128-bit key CBC</description>
                   </valueHelp>
@@ -95,7 +83,7 @@
                     <description>AES algorithm with 256-bit key GCM</description>
                   </valueHelp>
                   <constraint>
-                    <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+                    <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
                   </constraint>
                 </properties>
               </leafNode>
@@ -103,17 +91,13 @@
                 <properties>
                   <help>Cipher negotiation list for use in server or client mode</help>
                   <completionHelp>
-                    <list>none des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+                    <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
                   </completionHelp>
                   <valueHelp>
                     <format>none</format>
                     <description>Disable encryption</description>
                   </valueHelp>
                   <valueHelp>
-                    <format>des</format>
-                    <description>DES algorithm</description>
-                  </valueHelp>
-                  <valueHelp>
                     <format>3des</format>
                     <description>DES algorithm with triple encryption</description>
                   </valueHelp>
@@ -142,7 +126,7 @@
                     <description>AES algorithm with 256-bit key GCM</description>
                   </valueHelp>
                   <constraint>
-                    <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+                    <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
                   </constraint>
                   <multi/>
                 </properties>
diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in
index 8c9e816d1..cae3423dc 100644
--- a/interface-definitions/xml-component-version.xml.in
+++ b/interface-definitions/xml-component-version.xml.in
@@ -19,6 +19,7 @@
   #include <include/version/ids-version.xml.i>
   #include <include/version/ipoe-server-version.xml.i>
   #include <include/version/ipsec-version.xml.i>
+  #include <include/version/openvpn-version.xml.i>
   #include <include/version/isis-version.xml.i>
   #include <include/version/l2tp-version.xml.i>
   #include <include/version/lldp-version.xml.i>
author	Daniil Baturin <daniil@baturin.org>	2023-10-09 17:30:12 +0100
committer	Daniil Baturin <daniil@baturin.org>	2023-10-12 01:30:25 +0100
commit	941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1 (patch)
tree	d789396f1f47a1da5b1cfe8dded0cee007409d5e /interface-definitions
parent	1280734bc53b84581c8470ccefed6aea2db3183a (diff)
download	vyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.tar.gz vyos-1x-941c5adfaca2c7e3318b2ba0e7f36c37acaa53c1.zip