admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(vpnunlimited): remove DEFAULT:@SECLEVEL=0

Browse Source
This commit is contained in:
Quentin McGaw
2023-12-22 09:39:34 +00:00
parent cfc29d6a6b
commit f8da1e79bc
2 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/configuration/settings/settings.go
View File

@@ -167,8 +167,7 @@ func (s Settings) Warnings() (warnings []string) {
" so this will likely not work anymore. See https://github.com/qdm12/gluetun/issues/1498.")
}
if helpers.IsOneOf(*s.VPN.Provider.Name, providers.SlickVPN,
providers.VPNUnlimited) &&
if helpers.IsOneOf(*s.VPN.Provider.Name, providers.SlickVPN) &&
s.VPN.Type == vpn.OpenVPN {
warnings = append(warnings, "OpenVPN 2.5 uses OpenSSL 3 "+
"which prohibits the usage of weak security in today's standards. "+

6
internal/provider/vpnunlimited/openvpnconf.go
View File

@@ -22,11 +22,5 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
},
}
// VPN Unlimited's certificate is sha1WithRSAEncryption and sha1 is now
// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
// We lower the security level to 0 to allow this algorithm,
// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
providerSettings.TLSCipher = `"DEFAULT:@SECLEVEL=0"`
return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
}