mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-23 19:28:36 +00:00
if_ovpn: fix AES-128-GCM support
We need to explicitly list AES-128-GCM as an allowed cipher for that mode to work. While here also add AES-192-GCM. That brings our supported cipher list in line with other openvpn/dco platforms. Sponsored by: Rubicon Communications, LLC ("Netgate")
This commit is contained in:
parent
8cc44a1e59
commit
2c58d0cb3b
|
@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
|
|||
|
||||
if (strcmp(ciphername, "none") == 0)
|
||||
cipher = OVPN_CIPHER_ALG_NONE;
|
||||
else if (strcmp(ciphername, "AES-256-GCM") == 0)
|
||||
else if (strcmp(ciphername, "AES-256-GCM") == 0 ||
|
||||
strcmp(ciphername, "AES-192-GCM") == 0 ||
|
||||
strcmp(ciphername, "AES-128-GCM") == 0)
|
||||
cipher = OVPN_CIPHER_ALG_AES_GCM;
|
||||
else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0)
|
||||
cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
|
||||
|
|
Loading…
Reference in a new issue