authorChristian Breunig <christian@breunig.cc>2024-04-30 21:02:33 +0200
committerGitHub <noreply@github.com>2024-04-30 21:02:33 +0200
commit982221bb2649a7cef622d179f029f26bc3e1f3ed (patch)
tree12c974d444d15b6277b2ebb501baec52dc725dc0 /interface-definitions
parent021cc22ebf3cb9f81edb4ae6772385d5dc1c2c23 (diff)
parentef665adb7e44ef03e7f3e6f2cd1db88315ffcbe1 (diff)
Merge pull request #3377 from vyos/mergify/bp/sagitta/pr-3371
openconnect: T4982: Support defining minimum TLS version in openconnect VPN (backport #3371)
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/tls-version-min.xml.i29
-rw-r--r--interface-definitions/include/version/openconnect-version.xml.i2
-rw-r--r--interface-definitions/interfaces_openvpn.xml.in28
-rw-r--r--interface-definitions/vpn_openconnect.xml.in4
4 files changed, 35 insertions, 28 deletions
diff --git a/interface-definitions/include/tls-version-min.xml.i b/interface-definitions/include/tls-version-min.xml.i
new file mode 100644
index 000000000..b3dcbad49
--- /dev/null
+++ b/interface-definitions/include/tls-version-min.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from tls-version-min.xml.i -->
+<leafNode name="tls-version-min">
+ <properties>
+ <help>Specify the minimum required TLS version</help>
+ <completionHelp>
+ <list>1.0 1.1 1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.0</format>
+ <description>TLS v1.0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.1</format>
+ <description>TLS v1.1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLS v1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLS v1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.0|1.1|1.2|1.3)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
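Review bot: The constraint `<regex>(1.0|1.1|1.2|1.3)</regex>` leaves the dots unescaped, so each `.` matches any character and a value such as `1x2` satisfies the pattern. Whether the validator anchors the match is not visible here, but even a fully anchored match would accept that value and pass it on to whatever renders the daemon configuration. Since this include is now shared by two VPN services, tighten it to `<regex>(1\.0|1\.1|1\.2|1\.3)</regex>`. Adding `<constraintErrorMessage>TLS version must be one of 1.0, 1.1, 1.2 or 1.3</constraintErrorMessage>` would also give a rejected value an actionable message.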
diff --git a/interface-definitions/include/version/openconnect-version.xml.i b/interface-definitions/include/version/openconnect-version.xml.i
index 654806278..15097eebe 100644
--- a/interface-definitions/include/version/openconnect-version.xml.i
+++ b/interface-definitions/include/version/openconnect-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/openconnect-version.xml.i -->
-<syntaxVersion component='openconnect' version='2'></syntaxVersion>
+<syntaxVersion component='openconnect' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index f7e8f8b9f..bbfe91d88 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -755,33 +755,7 @@
<constraintErrorMessage>Peer certificate fingerprint must be a colon-separated SHA256 hex digest</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="tls-version-min">
- <properties>
- <help>Specify the minimum required TLS version</help>
- <completionHelp>
- <list>1.0 1.1 1.2 1.3</list>
- </completionHelp>
- <valueHelp>
- <format>1.0</format>
- <description>TLS v1.0</description>
- </valueHelp>
- <valueHelp>
- <format>1.1</format>
- <description>TLS v1.1</description>
- </valueHelp>
- <valueHelp>
- <format>1.2</format>
- <description>TLS v1.2</description>
- </valueHelp>
- <valueHelp>
- <format>1.3</format>
- <description>TLS v1.3</description>
- </valueHelp>
- <constraint>
- <regex>(1.0|1.1|1.2|1.3)</regex>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/tls-version-min.xml.i>
<leafNode name="role">
<properties>
<help>TLS negotiation role</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 736084f8b..7849d6886 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -266,6 +266,10 @@
<valueless/>
</properties>
</leafNode>
+ #include <include/tls-version-min.xml.i>
+ <leafNode name="tls-version-min">
+ <defaultValue>1.2</defaultValue>
+ </leafNode>
<node name="ssl">
<properties>
<help>SSL Certificate, SSL Key and CA</help>
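Review bot: Because the constraint comes from the shared include, `tls-version-min` on openconnect still accepts `1.0` and `1.1`, so the new `1.2` default can be lowered to protocol versions that RFC 8996 deprecates. If legacy clients are not a requirement for this service, consider an openconnect-specific constraint limited to 1.2 and 1.3; otherwise state the default and the deprecation in the help text so the downgrade is a conscious choice. The second `<leafNode name="tls-version-min">` appears to exist only to override the default of the included node, which deserves a one-line comment such as `<!-- override default of the included tls-version-min node -->`. The enclosing node starts and ends outside the hunk.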