author | Renato Botelho <renato@netgate.com> | 2015-12-28 16:40:21 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-12-28 16:40:21 -0200 |
commit | f1b7a0b1bc66ead820f5d8301ad7e9b2199cfb2c (patch) | |
tree | f956db575100820ee4e9348d45b849e099178b71 /src/etc | |
parent | 92c2bd7f56edbaab1e5e50077178bc52d764a657 (diff) | |
Disable IPsec phase1 or phase2 using DES and inform user why they were disabled since DES is no longer supported. It should fix #5543
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/upgrade_config.inc | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index a1fd43d..cd10100 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -96,7 +96,7 @@ $g = array(
 "disablecrashreporter" => false,
 "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php",
 "debug" => false,
- "latest_config" => "13.2",
+ "latest_config" => "13.3",
 "nopkg_platforms" => array("cdrom"),
 "minimum_ram_warning" => "101",
 "minimum_ram_warning_text" => "128 MB",
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index 6867522..fa411fc 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -4203,4 +4203,40 @@ function upgrade_131_to_132() {
 clear_all_log_files(false);
 }
 }
+
+function upgrade_132_to_133() {
+ global $config;
+
+ if (isset($config['ipsec']['phase1']) &&
+ is_array($config['ipsec']['phase1'])) {
+ foreach ($config['ipsec']['phase1'] as &$p1) {
+ if (isset($p1['encryption-algorithm']['name']) &&
+ $p1['encryption-algorithm']['name'] == 'des') {
+ $p1['disabled'] = true;
+ file_notice("IPsec",
+ "DES is no longer supported, IPsec phase 1 " .
+ "item '{$p1['descr']}' is being disabled.");
+ }
+ }
+ }
+
+ if (isset($config['ipsec']['phase2']) &&
+ is_array($config['ipsec']['phase2'])) {
+ foreach ($config['ipsec']['phase2'] as &$p2) {
+ if (!isset($p2['encryption-algorithm-option']) ||
+ !is_array($p2['encryption-algorithm-option'])) {
+ continue;
+ }
+
+ foreach ($p2['encryption-algorithm-option'] as $ealgo) {
+ if ($ealgo['name'] == 'des') {
+ $p2['disabled'] = true;
+ file_notice("IPsec",
+ "DES is no longer supported, IPsec phase 2 " .
+ "item '{$p2['descr']}' is being disabled.");
+ }
+ }
+ }
+ }
+}
 ?> |
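Review bot: In `upgrade_132_to_133()` the inner phase 2 loop reads `$ealgo['name']` without the `isset()` guard that the phase 1 check uses, and it keeps iterating after a match, so an option entry without a name raises a PHP notice during the upgrade and a phase 2 that lists DES more than once would file the same notice repeatedly. Guarding the test as `if (isset($ealgo['name']) && $ealgo['name'] == 'des') {` and adding `break;` after the `file_notice()` call covers both. Both outer loops iterate by reference (`&$p1`, `&$p2`); adding `unset($p1);` and `unset($p2);` after the respective loops avoids a dangling reference into `$config` if code is later appended to this function. The notice text also interpolates `{$p1['descr']}` and `{$p2['descr']}` unchecked, so an entry with no description produces a notice that does not tell the administrator which tunnel was disabled; falling back to another identifier of the entry when `descr` is empty would help.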