From: Martin Schiller <ms@dev.tdt.de>
Date: Thu, 18 Jul 2019 10:38:06 +0000 (+0200)
Subject: luci-app-openvpn: add new tls_ciphersuites option
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=9f22543b5bf24d93ae4132a5cef9599d7a2e0487;p=project%2Fluci.git

luci-app-openvpn: add new tls_ciphersuites option

This is used to configure ciphers for TLS 1.3 or newer.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
---

diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 41581f4c7e..2bf36cb278 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -680,6 +680,10 @@ local knownParams = {
 			"tls_cipher",
 			"DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5",
 			translate("TLS cipher") },
+		{ Value,
+			"tls_ciphersuites",
+			"TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256",
+			translate("TLS 1.3 or newer cipher") },
 		{ Value,
 			"tls_timeout",
 			2,