diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-04-30 08:29:28 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-30 08:29:28 +0200 |
| commit | a107a93ca1cf3b8b9b9223319d91e1741414fd40 (patch) | |
| tree | 091f3049b59eda617ad1879f158bb8bd4f4ec60d /interface-definitions | |
| parent | 08115436b454fff8bed09129963a04d1b1411227 (diff) | |
| parent | 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5 (diff) | |
| download | vyos-1x-a107a93ca1cf3b8b9b9223319d91e1741414fd40.tar.gz vyos-1x-a107a93ca1cf3b8b9b9223319d91e1741414fd40.zip | |
Merge pull request #3371 from Embezzle/T4982
openconnect: T4982: Support defining minimum TLS version in openconnect VPN
Diffstat (limited to 'interface-definitions')
4 files changed, 35 insertions, 28 deletions
diff --git a/interface-definitions/include/tls-version-min.xml.i b/interface-definitions/include/tls-version-min.xml.i new file mode 100644 index 000000000..b3dcbad49 --- /dev/null +++ b/interface-definitions/include/tls-version-min.xml.i @@ -0,0 +1,29 @@ +<!-- include start from tls-version-min.xml.i --> +<leafNode name="tls-version-min"> + <properties> + <help>Specify the minimum required TLS version</help> + <completionHelp> + <list>1.0 1.1 1.2 1.3</list> + </completionHelp> + <valueHelp> + <format>1.0</format> + <description>TLS v1.0</description> + </valueHelp> + <valueHelp> + <format>1.1</format> + <description>TLS v1.1</description> + </valueHelp> + <valueHelp> + <format>1.2</format> + <description>TLS v1.2</description> + </valueHelp> + <valueHelp> + <format>1.3</format> + <description>TLS v1.3</description> + </valueHelp> + <constraint> + <regex>(1.0|1.1|1.2|1.3)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/openconnect-version.xml.i b/interface-definitions/include/version/openconnect-version.xml.i index 654806278..15097eebe 100644 --- a/interface-definitions/include/version/openconnect-version.xml.i +++ b/interface-definitions/include/version/openconnect-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/openconnect-version.xml.i --> -<syntaxVersion component='openconnect' version='2'></syntaxVersion> +<syntaxVersion component='openconnect' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in index 389b5b5c9..7b46f32b3 100644 --- a/interface-definitions/interfaces_openvpn.xml.in +++ b/interface-definitions/interfaces_openvpn.xml.in @@ -739,33 +739,7 @@ <constraintErrorMessage>Peer certificate fingerprint must be a colon-separated SHA256 hex digest</constraintErrorMessage> </properties> </leafNode> - <leafNode name="tls-version-min"> - <properties> - <help>Specify the minimum required TLS version</help> - <completionHelp> - <list>1.0 1.1 1.2 1.3</list> - </completionHelp> - <valueHelp> - <format>1.0</format> - <description>TLS v1.0</description> - </valueHelp> - <valueHelp> - <format>1.1</format> - <description>TLS v1.1</description> - </valueHelp> - <valueHelp> - <format>1.2</format> - <description>TLS v1.2</description> - </valueHelp> - <valueHelp> - <format>1.3</format> - <description>TLS v1.3</description> - </valueHelp> - <constraint> - <regex>(1.0|1.1|1.2|1.3)</regex> - </constraint> - </properties> - </leafNode> + #include <include/tls-version-min.xml.i> <leafNode name="role"> <properties> <help>TLS negotiation role</help> diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 736084f8b..7849d6886 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -266,6 +266,10 @@ <valueless/> </properties> </leafNode> + #include <include/tls-version-min.xml.i> + <leafNode name="tls-version-min"> + <defaultValue>1.2</defaultValue> + </leafNode> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA</help> |