Additions (TLS-Cipher and HMAC Auth)

Add: 1. TLS Cipher - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 2. HMAC_Auth - SHA224
2026-03-14 22:58:50 +01:00 · 2017-09-26 15:08:14 +05:00
commit d91ba0feab
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -419,8 +419,9 @@ else
 	elif [[ "$CERT_TYPE" = '2' ]]; then
 		echo "   1) ECDHE-RSA-AES-256-GCM-SHA384 (recommended)"
 		echo "   2) ECDHE-RSA-AES-128-GCM-SHA256"
-		while [[ $CC_ENC != "1" && $CC_ENC != "2" ]]; do
+		echo "   3) DHE-RSA-AES-128-GCM-SHA256"
-			read -p "Control channel cipher [1-2]: " -e -i 1 CC_ENC
+		while [[ $CC_ENC != "1" && $CC_ENC != "2" && $CC_ENC != "3" ]]; do
 			read -p "Control channel cipher [1-3]: " -e -i 1 CC_ENC
 		done
 		case $CC_ENC in
 			1)
@@ -429,6 +430,9 @@ else
 			2)
 				CC_ENC="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"
 			;;
 			3)
 				CC_ENC="TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"
 			;;
 		esac
 	fi
 	echo ""
@@ -447,20 +451,24 @@ else
 		echo "Choose which message digest algorithm you want to use for the data channel packets"
 		echo "and the tls-auth/tls-crypt control channel packets:"
 	fi
-	echo "   1) SHA-256"
+	echo "   1) SHA-224"
-	echo "   2) SHA-384 (recommended)"
+	echo "   2) SHA-256"
-	echo "   3) SHA-512"
+	echo "   3) SHA-384 (recommended)"
-		while [[ $HMAC_AUTH != "1" && $HMAC_AUTH != "2" && $HMAC_AUTH != "3" ]]; do
+	echo "   4) SHA-512"
 		while [[ $HMAC_AUTH != "1" && $HMAC_AUTH != "2" && $HMAC_AUTH != "3" && $HMAC_AUTH != "4" ]]; do
 			read -p "HMAC authentication algorithm [1-3]: " -e -i 2 HMAC_AUTH
 	done
 	case $HMAC_AUTH in
 		1)
-			HMAC_AUTH="SHA256"
+			HMAC_AUTH="SHA224"
 		;;
 		2)
-			HMAC_AUTH="SHA384"
+			HMAC_AUTH="SHA256"
 		;;
 		3)
 			HMAC_AUTH="SHA384"
 		;;
 		4)
 			HMAC_AUTH="SHA512"
 		;;
 	esac