author | vindenesen <vindenesen@gmail.com> | 2019-09-19 20:31:58 +0200 |
---|---|---|
committer | vindenesen <vindenesen@gmail.com> | 2019-09-19 20:31:58 +0200 |
commit | 9334c9428c4dcf8d575bfb50d6a33d10b67b5e14 (patch) | |
tree | 4a62ec3ab04c4067c2cf3c620f5c9285fa479a2a /src/conf_mode/interface-openvpn.py | |
parent | 4a2a06f400593107393755777fdd42b57bbaa21b (diff) | |
download | vyos-1x-9334c9428c4dcf8d575bfb50d6a33d10b67b5e14.tar.gz vyos-1x-9334c9428c4dcf8d575bfb50d6a33d10b67b5e14.zip |
OpenVPN - Added setting for minimum tls version
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 34c094862..495ddfdf5 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -167,6 +167,10 @@ key {{ tls_key }}
 crl-verify {{ tls_crl }}
 {% endif %}
+{%- if tls_version_min %}
+tls-version-min {{tls_version_min}}
+{% endif %}
+
 {%- if tls_dh %}
 dh {{ tls_dh }}
 {% endif %}
@@ -283,6 +287,7 @@ default_config_data = {
 'tls_dh': '',
 'tls_key': '',
 'tls_role': '',
+ 'tls_version_min': '',
 'type': 'tun',
 'uid': user,
 'gid': group,
@@ -562,6 +567,10 @@ def get_config():
 openvpn['tls_role'] = conf.return_value('tls role')
 openvpn['tls'] = True
+ # Minimum required TLS version
+ if conf.exists('tls minimum-tls-version'):
+ openvpn['tls_version_min'] = conf.return_value('tls minimum-tls-version')
+
 if conf.exists('shared-secret-key-file'):
 openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file') |
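Review bot: The value rendered by `tls-version-min {{tls_version_min}}` in the template hunk goes into the generated OpenVPN configuration exactly as read from the CLI node, and nothing in this file restricts it to the versions OpenVPN accepts. The diffstat is limited to this file, so the interface definition may already constrain it; if it does not, a mistyped value only surfaces when the daemon rejects the config, and a value containing whitespace would add extra tokens to the directive. A check in verify() against a fixed set such as `('1.0', '1.1', '1.2', '1.3')` would fail the commit early instead. The line also drops the inner spaces used by its neighbours; `tls-version-min {{ tls_version_min }}` would match `key {{ tls_key }}`.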
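Review bot: When `tls minimum-tls-version` is unset in the get_config() hunk, `tls_version_min` keeps the `''` default and no `tls-version-min` line is rendered, so the effective floor is whatever the installed OpenVPN defaults to, which on older releases may still permit TLS 1.0. The comment could say so, e.g. `# Minimum required TLS version; if unset, OpenVPN's built-in default applies`, and a default of '1.2' is worth considering if existing peers allow it. The new block neither sets nor checks `openvpn['tls']`, so it appears the option can be configured together with `shared-secret-key-file`, where it would have no effect; verify() could reject that combination. get_config() starts and ends outside the hunk and the indentation is lost on this page, so the nesting is inferred.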