--- rpms/smeserver-openvpn-s2s/contribs10/smeserver-openvpn-s2s-0.2-sme10.patch 2021/03/30 05:20:13 1.3
+++ rpms/smeserver-openvpn-s2s/contribs10/smeserver-openvpn-s2s-0.2-sme10.patch 2021/03/30 05:23:57 1.4
@@ -85,8 +85,8 @@ diff -Nur --no-dereference smeserver-ope
+
+
-+ UNSECURE
-+ Unsecure parameter
++ INSECURE
++ Insecure parameter
+
+
+ SUGGESTED
@@ -476,9 +476,9 @@ diff -Nur --no-dereference smeserver-ope
$status = $fm->localise('DISABLED');
}
+ my $cipher = $config->prop('cipher') || 'BF-CBC';
-+ $cipher = "". $fm->localise('UNSECURE'). " $cipher " unless ($cipher =~ /(128|192|256|512|SEED)/ );
++ $cipher = "". $fm->localise('INSECURE'). " $cipher " unless ($cipher =~ /(128|192|256|512|SEED)/ );
+ my $hmac = $config->prop('HMAC') || 'SHA1';
-+ $hmac= "". $fm->localise('UNSECURE'). " $hmac " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
++ $hmac= "". $fm->localise('INSECURE'). " $hmac " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
+ my $authe = $config->prop('Authentication') || '';
+ my $linkup = "". $fm->localise('DOWN')."" ;
+ use Net::Ping;
@@ -583,7 +583,7 @@ diff -Nur --no-dereference smeserver-ope
+=head2 get_ciphers_options
+list obtained using
+openvpn --show-ciphers | egrep '^[A-Z]{2}' | sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print " '\''" $1 "'\'' => '\''" $1 $2 " " $4 " " $5 " " $7")'\''," '}
-+then reduced to remove most of unsecure ciphers
++then reduced to remove most of insecure ciphers
+Using a CBC or GCM mode is recommended.
+In static key mode only CBC mode is allowed.
+