From 851d476bfd879c924e3188aa85eb67224ede732a Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 23 Aug 2018 16:54:32 +0200
Subject: [PATCH] Explizit set cipher, default to 'cipher BF-CBC'.
---
 build_key-pass.sh | 8 +++++++-
 create_key_config.sh | 1 +
 install_openvpn.sh | 15 +++++++++++----
 3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/build_key-pass.sh b/build_key-pass.sh
index 9b50350..37539af 100755
--- a/build_key-pass.sh
+++ b/build_key-pass.sh
@@ -520,9 +520,15 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
 EOF
 if [[ -n "$SERVER_CIPHER" ]]; then
- cat <> "$_client_conf_file" 2>> "$log_file"
+ if [[ "${SERVER_CIPHER,,}" = "none" ]]; then
+ cat <> "$_client_conf_file" 2>> "$log_file"
+cipher BF-CBC
+EOF
+ else
+ cat <> "$_client_conf_file" 2>> "$log_file"
 cipher $SERVER_CIPHER
 EOF
+ fi
 else
 cat <> "$_client_conf_file" 2>> "$log_file"
 cipher BF-CBC
diff --git a/create_key_config.sh b/create_key_config.sh
index dcdfa3e..d585c0d 100755
--- a/create_key_config.sh
+++ b/create_key_config.sh
@@ -180,6 +180,7 @@ fi
 [[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="BF-CBC"
+[[ "${SERVER_CIPHER,,}" = "" ]] && SERVER_CIPHER="BF-CBC"
 if [[ -z "$LZO_COMPRESSION" ]]; then
 LZO_COMPRESSION=true
 elif $LZO_COMPRESSION ; then
diff --git a/install_openvpn.sh b/install_openvpn.sh
index ca130eb..1964324 100755
--- a/install_openvpn.sh
+++ b/install_openvpn.sh
@@ -181,7 +181,7 @@ DEFAULT_KEY_EMAIL='argus@oopen.de'
 DEFAULT_KEY_ORG='o.open'
 DEFAULT_KEY_OU="Network Services"
-DEFAULT_SERVER_CIPHER="None"
+DEFAULT_SERVER_CIPHER="BF-CBC"
 #DEFAULT_SERVER_CIPHER="AES-256-CBC"
@@ -498,7 +498,7 @@ if [[ "X$SERVER_CIPHER" = "X" ]]; then
 SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"
 fi
 if [[ "$(trim ${SERVER_CIPHER,,})" = none ]]; then
- SERVER_CIPHER=""
+ SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"
 fi
 echo ""
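Review bot: The fallback written to the client config in the build_key-pass.sh hunk is `cipher BF-CBC`, a 64-bit block cipher that is exposed to birthday-bound (SWEET32-style) collisions on long-lived tunnels and that newer OpenVPN releases have deprecated. The same literal is hard-coded in the create_key_config.sh hunk and becomes `DEFAULT_SERVER_CIPHER` in install_openvpn.sh. As install_openvpn.sh already carries the commented alternative `#DEFAULT_SERVER_CIPHER="AES-256-CBC"`, I would make that the default for new installs and keep BF-CBC only as an explicit choice for peers that cannot negotiate anything else. The three near-identical heredocs here could also become one by normalising the variable first, as create_key_config.sh does. The enclosing `if` block closes outside this hunk.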
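Review bot: In the create_key_config.sh hunk the added test lower-cases the value only to compare it with `""`; `[[ -z "$SERVER_CIPHER" ]]` says the same more directly, and the two adjacent lines collapse into `[[ -z "$SERVER_CIPHER" || "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="BF-CBC"`. A value containing only whitespace is not caught here, whereas install_openvpn.sh passes the value through `trim` before its `none` comparison, so the two scripts can disagree on what counts as unset. A one-line comment saying why empty and `none` are mapped to a real cipher (presumably so that no client profile is generated without encryption) would help the next reader.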
@@ -856,13 +856,20 @@ EOF
 fi
 if [[ -n "$SERVER_CIPHER" ]] ; then
- cat << EOF >> $_openvpn_name_conf_file 2> $log_file
+ if [[ "${SERVER_CIPHER,,}" = "none" ]]; then
+ cat <> "$_client_conf_file" 2>> "$log_file"
+cipher BF-CBC
+
+EOF
+ else
+ cat << EOF >> $_openvpn_name_conf_file 2> $log_file
 SERVER_CIPHER="$SERVER_CIPHER"
 EOF
+ fi
 else
 cat << EOF >> $_openvpn_name_conf_file 2> $log_file
-SERVER_CIPHER="none"
+SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"
 EOF
 fi
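Review bot: The added `none` branch appends `cipher BF-CBC` to `"$_client_conf_file"`, while the other branches of this block write a `SERVER_CIPHER="…"` line to `$_openvpn_name_conf_file`; this looks copied from build_key-pass.sh, and `_client_conf_file` is not set anywhere in the visible hunks of install_openvpn.sh. Because the hunk at line 498 already replaces `none` with `$DEFAULT_SERVER_CIPHER`, the branch is probably reachable only when the default itself is `none`, and in that case the name conf file gets no `SERVER_CIPHER` entry at all. I would drop the inner `if` and keep the single write of `SERVER_CIPHER="$SERVER_CIPHER"` to `$_openvpn_name_conf_file`. Separately, the surrounding lines redirect with `2> $log_file`, which truncates the log on every write and is unquoted; `2>> "$log_file"` would match the style of the new line.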