Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morph...@level28.org>
---
package/network/services/openvpn/files/openvpn.init | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/network/services/openvpn/files/openvpn.init
b/package/network/services/openvpn/files/openvpn.init
index 5396d0b..6dac7b3 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -121,7 +121,7 @@ start_instance() {
reneg_bytes reneg_pkts reneg_sec \
replay_persist replay_window resolv_retry route route_delay
route_gateway \
route_metric route_pre_down route_up rport script_security
secret server server_bridge setenv shaper sndbuf \
- socks_proxy status status_version syslog tcp_queue_limit
tls_auth \
+ socks_proxy status status_version syslog tcp_queue_limit
tls_auth tls_version_min \
tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology
tran_window \
tun_mtu tun_mtu_extra txqueuelen user verb down push up \
verify_x509_name x509_username_field \
--
2.8.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
