vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled

Fixes: #12091 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 11:13:24 +02:00 · 2019-06-05 10:22:53 +01:00
parent 01320a141d
commit 745915d82c
1 changed files with 2 additions and 2 deletions
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3331,14 +3331,14 @@ sub make_algos($$$$$) {
 						push(@algo, "modp$grp");
 					}

-				} elsif ($mode eq "esp" && $pfs) {
+				} elsif ($mode eq "esp") {
 					my $is_aead = ($enc =~ m/[cg]cm/);

 					if (!$is_aead) {
 						push(@algo, $int);
 					}

-					if ($grp eq "none") {
+					if ($pfs || $grp eq "none") {
 						# noop
 					} elsif ($grp =~ m/^e(.*)$/) {
 						push(@algo, "ecp$1");