Some security changes/hints.
parent
b798216aa5
commit
267cb8f1f5
@ -462,13 +462,17 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-serve
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# This option has been deprecated since version 2.4 and
|
||||
# will be removed from later distributions.
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
@ -508,7 +512,7 @@ EOF
|
||||
|
||||
if [[ -n "$SERVER_CIPHER" ]]; then
|
||||
cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
|
||||
cipher AES-256-CBC
|
||||
cipher $SERVER_CIPHER
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
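Review bot: The comment kept above `remote-cert-tls server` still tells the reader to issue server certificates with the nsCertType field set to "server", but that is the check made by the now commented-out `ns-cert-type`. `remote-cert-tls server` instead verifies the peer certificate's key usage and extended key usage (TLS Web Server Authentication), so a server certificate that carries only nsCertType will be rejected by clients built from this template. I would add a line such as `# remote-cert-tls requires the server certificate to carry the "TLS Web Server Authentication" extended key usage.` and drop or reword the nsCertType paragraph. The same text appears in the second file's hunk at -446; the here-document itself starts outside the hunk.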
@ -446,13 +446,17 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-serve
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# This option has been deprecated since version 2.4 and
|
||||
# will be removed from later distributions.
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
#ns-cert-type server
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
@ -492,7 +496,7 @@ EOF
|
||||
|
||||
if [[ -n "$SERVER_CIPHER" ]]; then
|
||||
cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
|
||||
cipher AES-256-CBC
|
||||
cipher $SERVER_CIPHER
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
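Review bot: `cipher $SERVER_CIPHER` is expanded inside an unquoted here-document and written to the client configuration after only a non-empty test (`[[ -n "$SERVER_CIPHER" ]]`), so any string the variable holds becomes a config directive. Where the value is set is not visible in this hunk; if it is typed by the operator, a typo or an unintended value reaches the file and only fails (or silently mismatches the server) at connect time. Before the here-document I would validate it against an allowlist, e.g. `case "$SERVER_CIPHER" in AES-128-CBC|AES-256-CBC) ;; *) echo "unsupported cipher: $SERVER_CIPHER" >&2; exit 1 ;; esac`, or against the output of `openvpn --show-ciphers`. The same pattern is in the first file's hunk at -508 and in the server script's hunk at -1736, where `${_server_conf_file}` is also left unquoted.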
@ -500,6 +500,12 @@ echo ""
|
||||
echo "Note: if setting this parameter at the server configuration, this parameter *must'"
|
||||
echo " also set this parameter at client configuration"
|
||||
echo ""
|
||||
echo " cipher BF-CBC # Blowfish (default)"
|
||||
echo " cipher AES-128-CBC # AES 128Bit"
|
||||
echo " cipher AES-256-CBC # AES 256Bit"
|
||||
echo " cipher DES-EDE3-CBC # Triple-DES"
|
||||
echo " ..."
|
||||
echo ""
|
||||
echo -e "Type \"\033[33mNone\033[m\" if no default cipher should be set."
|
||||
echo ""
|
||||
SERVER_CIPHER=""
|
||||
@ -1736,7 +1742,7 @@ EOF
|
||||
|
||||
if [[ -n "$SERVER_CIPHER" ]]; then
|
||||
cat <<EOF >> ${_server_conf_file} 2>> "$log_file"
|
||||
cipher AES-256-CBC
|
||||
cipher $SERVER_CIPHER
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
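Review bot: The cipher menu in the hunk at -500 presents `BF-CBC` as "(default)" and lists `DES-EDE3-CBC` without comment; both are 64-bit block ciphers and are exposed to birthday-bound (SWEET32-type) attacks on long-lived tunnels, so a prompt that shapes the server's security should not steer operators towards them. I would mark them as legacy and recommend AES, e.g. `echo " cipher AES-256-CBC # AES 256Bit (recommended)"` and `echo " cipher BF-CBC # Blowfish, 64-bit block, legacy only"`. The prompt also offers "None"; how that answer is mapped is outside the hunk, but if the literal string reaches `cipher $SERVER_CIPHER` at -1736 the server config would receive `cipher None`, which should be confirmed to mean "omit the directive" rather than "disable encryption".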