From: "Peter Müller" <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH] mark 3DES and 1024 bit DH params as weak
Date: Sun, 10 Dec 2017 11:17:16 +0100 [thread overview]
Message-ID: <20171210111716.08300014.peter.mueller@link38.eu> (raw)
[-- Attachment #1: Type: text/plain, Size: 2607 bytes --]
These are not considered secure anymore but are unfortunately
still needed in some cases (legacy hardware, ...).
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
html/cgi-bin/ovpnmain.cgi | 2 +-
html/cgi-bin/vpnmain.cgi | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index ceb88c156..638e8ef0f 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1320,7 +1320,7 @@ END
<form method='post'><input type='hidden' name='AREUSURE' value='yes' />
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
<select name='DHLENGHT'>
- <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+ <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'})</option>
<option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
<option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
<option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index d6f6ecb33..3e8d1ef03 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2470,7 +2470,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='aes128gcm64' $checked{'IKE_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
<option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
<option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
- <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
+ <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC ($Lang::tr{'vpn weak'})</option>
</select>
</td>
<td class='boldbase'>
@@ -2490,7 +2490,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='aes128gcm64' $checked{'ESP_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
<option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
<option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
- <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
+ <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC ($Lang::tr{'vpn weak'})</option>
</select>
</td>
</tr>
--
2.13.6
reply other threads:[~2017-12-10 10:17 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171210111716.08300014.peter.mueller@link38.eu \
--to=peter.mueller@link38.eu \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox