[PATCH] mark 3DES and 1024 bit DH params as weak

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] mark 3DES and 1024 bit DH params as weak
@ 2017-12-10 10:17 Peter Müller
  0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2017-12-10 10:17 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2607 bytes --]

These are not considered secure anymore but are unfortunately
still needed in some cases (legacy hardware, ...).

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
 html/cgi-bin/ovpnmain.cgi | 2 +-
 html/cgi-bin/vpnmain.cgi  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index ceb88c156..638e8ef0f 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1320,7 +1320,7 @@ END
 		<form method='post'><input type='hidden' name='AREUSURE' value='yes' />
 		<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
 			<select name='DHLENGHT'>
-				<option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
+				<option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'})</option>
 				<option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
 				<option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
 				<option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index d6f6ecb33..3e8d1ef03 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2470,7 +2470,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 					<option value='aes128gcm64' $checked{'IKE_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
 					<option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
 					<option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
-					<option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
+					<option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC ($Lang::tr{'vpn weak'})</option>
 				</select>
 			</td>
 			<td class='boldbase'>
@@ -2490,7 +2490,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 					<option value='aes128gcm64' $checked{'ESP_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
 					<option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
 					<option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
-					<option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
+					<option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC ($Lang::tr{'vpn weak'})</option>
 				</select>
 			</td>
 		</tr>
-- 
2.13.6



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-12-10 10:17 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-10 10:17 [PATCH] mark 3DES and 1024 bit DH params as weak Peter Müller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox