luci-app-openvpn: add new tls_ciphersuites option

This is used to configure ciphers for TLS 1.3 or newer.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 41581f4c7e798ea5772b91ded7effe293946d59a..2bf36cb27877997a7a3040865fa68388561a79e0 100644 (file)
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -680,6 +680,10 @@ local knownParams = {
                        "tls_cipher",
                        "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5",
                        translate("TLS cipher") },
+               { Value,
+                       "tls_ciphersuites",
+                       "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256",
+                       translate("TLS 1.3 or newer cipher") },
                { Value,
                        "tls_timeout",
                        2,