vpnmain.cgi: Fix writing ESP settings for PFS ciphers

The changes introduced due to #12091 caused IPsec ESP to be invalid if PFS ciphers were selected. Code has to read "!$pfs" instead of just "$pfs", as it should trigger for ciphers _without_ Perfect Forward Secrecy. Fixes #12099 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-15 13:32:59 +02:00 · 2019-06-17 14:08:00 +00:00
parent faec909e1a
commit 0dd16f4047
1 changed files with 1 additions and 1 deletions
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3338,7 +3338,7 @@ sub make_algos($$$$$) {
 						push(@algo, $int);
 					}

-					if ($pfs || $grp eq "none") {
+					if (!$pfs || $grp eq "none") {
 						# noop
 					} elsif ($grp =~ m/^e(.*)$/) {
 						push(@algo, "ecp$1");