From patchwork Sat Jun 4 13:15:03 2016
X-Patchwork-Submitter: Matteo Panella
X-Patchwork-Id: 630171
From: Matteo Panella
To: mirko@openwrt.org
Cc: openwrt-devel@lists.openwrt.org
Date: Sat, 4 Jun 2016 15:15:03 +0200
Message-Id: <20160604131503.12981-1-morpheus@level28.org>
Subject: [OpenWrt-Devel] [PATCH] packages/openvpn: add support for tls-version-min
List-Id: OpenWrt Development List

Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup.

Signed-off-by: Matteo Panella
---
 package/network/services/openvpn/files/openvpn.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init index 5396d0b..6dac7b3 100644 --- a/package/network/services/openvpn/files/openvpn.init +++ b/package/network/services/openvpn/files/openvpn.init 
@@ -121,7 +121,7 @@ start_instance() { reneg_bytes reneg_pkts reneg_sec \ replay_persist replay_window resolv_retry route route_delay route_gateway \ route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \ - socks_proxy status status_version syslog tcp_queue_limit tls_auth \ + socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \ tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ tun_mtu tun_mtu_extra txqueuelen user verb down push up \ verify_x509_name x509_username_field \
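
Review bot: tls_version_min is inserted between tls_auth and tls_cipher on the changed line in start_instance(), which breaks the otherwise alphabetical run of tls_* names (tls_auth, tls_cipher, tls_remote, tls_timeout, tls_verify); placing it after tls_verify would keep the list easy to scan. The diffstat shows openvpn.init is the only file touched, so nothing tells users the option now exists or what to put in it; consider documenting it wherever the package describes its uci options, and say in the commit message which values are expected. Since the name is only added to the list of recognised options and no default is set in this hunk, instances that do not set tls_version_min keep whatever minimum they negotiate today, which is worth stating so nobody assumes the patch tightens TLS on its own.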