diff options
| -rw-r--r-- | src/openvpn/ssl.c | 21 | ||||
| -rw-r--r-- | src/openvpn/ssl_openssl.c | 2 |
2 files changed, 12 insertions, 11 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 54a3e09..529d14d 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -232,18 +232,19 @@ static const tls_cipher_name_pair tls_cipher_name_translation_table[] = { {"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"}, {"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"}, #ifdef ENABLE_CRYPTO_OPENSSL + /* OpenSSL-specific group names */ {"DEFAULT", "DEFAULT"}, {"ALL", "ALL"}, - {"HIGH", "HIGH"}, - {"MEDIUM", "MEDIUM"}, - {"LOW", "LOW"}, - {"ECDH", "ECDH"}, - {"ECDSA", "ECDSA"}, - {"EDH", "EDH"}, - {"EXP", "EXP"}, - {"RSA", "RSA"}, - {"kRSA", "kRSA"}, - {"SRP", "SRP"}, + {"HIGH", "HIGH"}, {"!HIGH", "!HIGH"}, + {"MEDIUM", "MEDIUM"}, {"!MEDIUM", "!MEDIUM"}, + {"LOW", "LOW"}, {"!LOW", "!LOW"}, + {"ECDH", "ECDH"}, {"!ECDH", "!ECDH"}, + {"ECDSA", "ECDSA"}, {"!ECDSA", "!ECDSA"}, + {"EDH", "EDH"}, {"!EDH", "!EDH"}, + {"EXP", "EXP"}, {"!EXP", "!EXP"}, + {"RSA", "RSA"}, {"!RSA", "!RSA"}, + {"kRSA", "kRSA"}, {"!kRSA", "!kRSA"}, + {"SRP", "SRP"}, {"!SRP", "!SRP"}, #endif {NULL, NULL} }; diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index df9fa87..a38c41b 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -272,7 +272,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) // Issue warning on missing translation // %.*s format specifier expects length of type int, so guarantee // that length is small enough and cast to int. - msg (M_WARN, "No valid translation found for TLS cipher '%.*s'", + msg (D_LOW, "No valid translation found for TLS cipher '%.*s'", constrain_int(current_cipher_len, 0, 256), current_cipher); } else |