admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(vpnunlimited): lower TLS security level to 0 (#1476)

Browse Source
This commit is contained in:
Quentin McGaw
2023-04-11 14:08:54 +02:00
committed by GitHub
parent 8fa4fd1b64
commit 16ecf48b89
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/provider/vpnunlimited/openvpnconf.go
View File

@@ -2,6 +2,7 @@ package vpnunlimited
import ( import (
"github.com/qdm12/gluetun/internal/configuration/settings" "github.com/qdm12/gluetun/internal/configuration/settings"
"github.com/qdm12/gluetun/internal/constants/openvpn"
"github.com/qdm12/gluetun/internal/models" "github.com/qdm12/gluetun/internal/models"
"github.com/qdm12/gluetun/internal/provider/utils" "github.com/qdm12/gluetun/internal/provider/utils"
) )
@@ -18,5 +19,14 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
"route-metric 1", "route-metric 1",
}, },
} }
if settings.Version != openvpn.Openvpn24 {
// VPN Unlimited's certificate is sha1WithRSAEncryption and sha1 is now
// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
// We lower the security level to 0 to allow this algorithm,
// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
providerSettings.TLSCipher = `"DEFAULT:@SECLEVEL=0"`
}
return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported) return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
} }