Add more than one cipogers to tls-cipher

Just in case we need to fallback or downgrade
This commit is contained in:
Florian Stosse 2016-03-21 13:20:35 +01:00
parent 8b89b1743c
commit b15cd6cf81

View File

@ -294,10 +294,15 @@ tls-version-min 1.2" > /etc/openvpn/server.conf
if [[ "$VARIANT" = '1' ]]; then
# If the user selected the fast, less hardened version
# Or if the user selected a non-existant variant, we fallback to fast
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" >> /etc/openvpn/server.conf
echo "tls-cipher DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256::DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA\
\-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:\
\AES128-SHA" >> /etc/openvpn/server.conf
elif [[ "$VARIANT" = '2' ]]; then
# If the user selected the relatively slow, ultra hardened version
echo "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" >> /etc/openvpn/server.conf
echo "tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-\
\SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA\
\-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:\
\AES128-SHA" >> /etc/openvpn/server.conf
fi
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
# DNS