GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

do not enforce PFS on default strings

Browse Source 
That allows legacy clients connect.
This commit is contained in:
Nikos Mavrogiannopoulos
2015-01-11 12:22:25 +01:00
parent c3417f0830
commit 2f3d520c85
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/ocserv-args.def
View File

@@ -226,15 +226,15 @@ server-key = /path/to/key.pem
# GnuTLS priority string; note that SSL 3.0 is disabled by default
# as there are no openconnect (and possibly anyconnect clients) using
# that protocol. The default string below enforces perfect forward secrecy (PFS)
# on the main channel.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
# that protocol. The string below does not enforce perfect forward
# secrecy, in order to be compatible with legacy clients.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
# More combinations in priority strings are available, check
# http://gnutls.org/manual/html_node/Priority-Strings.html
# E.g., to old default without perfect forward secrecy (PFS)
# on the main channel:
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
# E.g., the string below enforces perfect forward secrecy (PFS)
# on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
# The time (in seconds) that a client is allowed to stay connected prior
# to authentication