webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak

Browse Source 
Since we somehow have to support these algorithms this patch
adds some information for the user that it is very strongly
discouraged to use them in production.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2017-04-20 12:53:53 +01:00
parent 2c2cf3918b
commit c94d1976d3
11 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
html/cgi-bin/vpnmain.cgi
View File

@@ -2503,8 +2503,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
<option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
<option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
<option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
<option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
<option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1 ($Lang::tr{'vpn weak'})</option>
<option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5i ($Lang::tr{'vpn broken'})</option>
</select>
</td>
<td class='boldbase'>
@@ -2513,8 +2513,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
<option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
<option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
<option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
<option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
<option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1 ($Lang::tr{'vpn weak'})</option>
<option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5 ($Lang::tr{'vpn broken'})</option>
</select>
</td>
</tr>
@@ -2550,8 +2550,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048s160' $checked{'IKE_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option>
<option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
<option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
<option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768</option>
<option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024 ($Lang::tr{'vpn broken'})</option>
<option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768 ($Lang::tr{'vpn broken'})</option>
</select>
</td>
<td class='boldbase'>
@@ -2575,8 +2575,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048s160' $checked{'ESP_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option>
<option value='2048' $checked{'ESP_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'ESP_GROUPTYPE'}{'1536'}>MODP-1536</option>
<option value='1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024</option>
<option value='768' $checked{'ESP_GROUPTYPE'}{'768'}>MODP-768</option>
<option value='1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024 ($Lang::tr{'vpn broken'})</option>
<option value='768' $checked{'ESP_GROUPTYPE'}{'768'}>MODP-768 ($Lang::tr{'vpn broken'})</option>
<option value='none' $checked{'ESP_GROUPTYPE'}{'none'}>- $Lang::tr{'none'} -</option>
</select>
</td>