From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH] correct default hash and DH params settings
Date: Sun, 07 Jan 2018 11:34:50 +0100
Message-ID: <20180107113450.03a62842.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1804137005691824992=="
List-Id: <development.lists.ipfire.org>

--===============1804137005691824992==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Default hash algorithm is now SHA512 instead of SHA1, but
the description text has not been updated, yet.

Further, make sure that 1024 bit DH parameters are always
marked as weak.

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
---
 html/cgi-bin/ovpnmain.cgi | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 638e8ef0f..71fd6f06b 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2002,7 +2002,7 @@ END
 	    </select></td>
 	<tr><td class=3D'base'>$Lang::tr{'ovpn dh'}:</td>
 		<td class=3D'base'><select name=3D'DHLENGHT'>
-				<option value=3D'1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit=
'}</option>
+				<option value=3D'1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit=
'} ($Lang::tr{'vpn weak'})</option>
 				<option value=3D'2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit=
'}</option>
 				<option value=3D'3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit=
'}</option>
 				<option value=3D'4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit=
'}</option>
@@ -2847,7 +2847,7 @@ print <<END;
 				<option value=3D'SHA1'			$selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{=
'bit'}, $Lang::tr{'vpn weak'})</option>
 			</select>
 		</td>
-		<td>$Lang::tr{'openvpn default'}: <span class=3D"base">SHA1 (160 $Lang::tr=
{'bit'})</span></td>
+		<td>$Lang::tr{'openvpn default'}: <span class=3D"base">SHA2 (512 $Lang::tr=
{'bit'})</span></td>
     </tr>
 </table>
=20
@@ -4567,10 +4567,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
     $selected{'DAUTH'}{'SHA384'} =3D '';
     $selected{'DAUTH'}{'SHA256'} =3D '';
     $selected{'DAUTH'}{'SHA1'} =3D '';
-    # If no hash algorythm has been choosen yet, select
-    # the old default value (SHA1) for compatiblity reasons.
+    # Use SHA512 as default.
     if ($cgiparams{'DAUTH'} eq '') {
-	$cgiparams{'DAUTH'} =3D 'SHA1';
+	$cgiparams{'DAUTH'} =3D 'SHA512';
     }
     $selected{'DAUTH'}{$cgiparams{'DAUTH'}} =3D 'SELECTED';
=20
--=20
2.13.6



--===============1804137005691824992==--