Prepare for TLS 1.3

Lauri Võsandi 2021-04-22 15:27:11 +03:00
parent c79870c506
commit 1fbdea09ba
1 changed files with 8 additions and 2 deletions


@ -383,8 +383,14 @@ def certidude_enroll(fork, no_wait, kerberos):
fh.write("nobind\n") fh.write("nobind\n")
fh.write("remote %s 1194 udp\n" % endpoint) fh.write("remote %s 1194 udp\n" % endpoint)
fh.write("remote %s 443 tcp\n" % endpoint) fh.write("remote %s 443 tcp\n" % endpoint)
fh.write("tls-version-min 1.2\n") fh.write("tls-version-min %s\n" % bootstrap["openvpn"]["tls_version_min"])
fh.write("tls-cipher %s\n" % bootstrap["openvpn"]["tls_cipher"]) if bootstrap["openvpn"]["tls_version_min"] == "1.3":
fh.write("tls-ciphersuites %s\n" % bootstrap["openvpn"]["tls_ciphersuites"])
elif bootstrap["openvpn"]["tls_version_min"] == "1.2":
fh.write("tls-cipher %s\n" % bootstrap["openvpn"]["tls_cipher"])
else:
raise NotImplementedError("Unsupported TLS version")
fh.write("ncp-disable\n")
fh.write("cipher %s\n" % bootstrap["openvpn"]["cipher"]) fh.write("cipher %s\n" % bootstrap["openvpn"]["cipher"])
fh.write("auth %s\n" % bootstrap["openvpn"]["auth"]) fh.write("auth %s\n" % bootstrap["openvpn"]["auth"])
fh.write("mute-replay-warnings\n") fh.write("mute-replay-warnings\n")
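Review bot: The `tls_version_min` value from `bootstrap` is written into the config before it is checked, so the `else: raise NotImplementedError("Unsupported TLS version")` branch fires only after an unvalidated `tls-version-min %s` line has already gone to `fh`. Validate first and write afterwards, e.g. `tls_min = bootstrap["openvpn"]["tls_version_min"]` followed by `if tls_min not in ("1.2", "1.3"): raise NotImplementedError("Unsupported TLS version")`. The same raw `%s` interpolation is used for `tls_ciphersuites` and `tls_cipher`; if the bootstrap response is not fully trusted (not visible here), a value containing a newline would add extra directives to the generated config, so these fields should be rejected when they contain whitespace or line breaks. In the 1.2 branch only `tls-cipher` is written, which presumably leaves the TLS 1.3 suites at their defaults when the peer negotiates 1.3. `certidude_enroll` starts and ends outside this hunk.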