fix(slickvpn): lower TLS security level to 0

2023-03-25 14:38:27 +00:00
parent f6f3c110f0
commit 33a6f1c01b
1 changed files with 9 additions and 0 deletions
--- a/internal/provider/slickvpn/openvpnconf.go
+++ b/internal/provider/slickvpn/openvpnconf.go
@@ -26,5 +26,14 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
 			"redirect-gateway",
 		},
 	}
+
+	if settings.Version == openvpn.Openvpn25 {
+		// SlickVPN's certificate is sha1WithRSAEncryption and sha1 is now
+		// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
+		// We lower the security level to 3 to allow this algorithm,
+		// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
+		providerSettings.TLSCipher = "DEFAULT:@SECLEVEL=0"
+	}
+
 	return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
 }