Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(vpnunlimited): lower TLS security level to 3 #1476

Merged
merged 2 commits into from
Apr 11, 2023
Merged

fix(vpnunlimited): lower TLS security level to 3 #1476

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b3d4397
fix(vpnunlimited): lower TLS security level to 3
qdm12 Mar 25, 2023
f9f592d
Update internal/provider/vpnunlimited/openvpnconf.go
qdm12 Apr 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions internal/provider/vpnunlimited/openvpnconf.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package vpnunlimited

import (
"github.com/qdm12/gluetun/internal/configuration/settings"
"github.com/qdm12/gluetun/internal/constants/openvpn"
"github.com/qdm12/gluetun/internal/models"
"github.com/qdm12/gluetun/internal/provider/utils"
)
Expand All @@ -18,5 +19,14 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
"route-metric 1",
},
}

if settings.Version != openvpn.Openvpn24 {
// VPN Unlimited's certificate is sha1WithRSAEncryption and sha1 is now
// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
// We lower the security level to 0 to allow this algorithm,
// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
providerSettings.TLSCipher = `"DEFAULT:@SECLEVEL=0"`
}

return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
}