From bdf96d864e005a88627ebd7db259b85abe3547df Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Fri, 27 Mar 2020 01:10:54 +0000
Subject: [PATCH] Check custom cipher value for each vpn provider

---
 internal/settings/settings.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/internal/settings/settings.go b/internal/settings/settings.go
index c51bdab0..da5d754b 100644
--- a/internal/settings/settings.go
+++ b/internal/settings/settings.go
@@ -52,18 +52,25 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
 	}
 	switch settings.VPNSP {
 	case "pia":
+		switch settings.OpenVPN.Cipher {
+		case "", "aes-128-cbc", "aes-256-cbc", "aes-128-gcm", "aes-256-gcm":
+		default:
+			return settings, fmt.Errorf("cipher %q is not supported by Private Internet Access", settings.OpenVPN.Cipher)
+		}
 		settings.PIA, err = GetPIASettings(params)
-		if err != nil {
-			return settings, err
-		}
 	case "mullvad":
-		settings.Mullvad, err = GetMullvadSettings(params)
-		if err != nil {
-			return settings, err
+		switch settings.OpenVPN.Cipher {
+		case "":
+		default:
+			return settings, fmt.Errorf("cipher %q is not supported by Mullvad", settings.OpenVPN.Cipher)
 		}
+		settings.Mullvad, err = GetMullvadSettings(params)
 	default:
 		return settings, fmt.Errorf("VPN service provider %q is not valid", settings.VPNSP)
 	}
+	if err != nil {
+		return settings, err
+	}
 	settings.DNS, err = GetDNSSettings(params)
 	if err != nil {
 		return settings, err