git.bettercrypto.org / ach-master.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 68a5bba)
Converted cipher names to IANA format to get rid of message: "Deprecated TLS cipher...
authorKrzysztof Burghardt <krzysztof@burghardt.pl>
Fri, 23 Dec 2016 01:00:32 +0000 (02:00 +0100)
committerKrzysztof Burghardt <krzysztof@burghardt.pl>
Fri, 23 Dec 2016 01:00:32 +0000 (02:00 +0100)
OpenVPN option line is limited to 256 characters and IANA format is longer
than OpenSSL one. Following ciphers where removed to keep length limit:
 - DHE-RSA-CAMELLIA128-SHA (IANA name TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA),
 - DHE-RSA-AES128-SHA (TLS-DHE-RSA-WITH-AES-128-CBC-SHA),
 - CAMELLIA256-SHA (TLS-RSA-WITH-CAMELLIA-256-CBC-SHA),
 - AES256-SHA (TLS-RSA-WITH-AES-256-CBC-SHA),
 - CAMELLIA128-SHA (TLS-RSA-WITH-CAMELLIA-128-CBC-SHA),
 - AES128-SHA (TLS-RSA-WITH-AES-128-CBC-SHA).

src/configuration/VPNs/OpenVPN/client.conf patch | blob | history

diff --git a/src/configuration/VPNs/OpenVPN/client.conf b/src/configuration/VPNs/OpenVPN/client.conf
index e55051a..fae1618 100644 (file)
--- a/src/configuration/VPNs/OpenVPN/client.conf
+++ b/src/configuration/VPNs/OpenVPN/client.conf
@@ -113,7 +113,7 @@ ns-cert-type server
 # then you must also specify it here.
 ;cipher x
 # Attention: it must fit in 256 bytes, so not the infamous CipherStringB!
-tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
 cipher AES-256-CBC
 auth SHA384
 
applied crypto hardening (master repo)