Wrap force ciphersuite and min tbs version properties

2026-04-24 00:00:05 +08:00 · 2017-04-24 13:34:50 +03:00
parent 61228ed00d
commit 2fc3e13911
2 changed files with 84 additions and 0 deletions
@@ -50,6 +50,22 @@ typedef NS_ENUM(NSInteger, OpenVPNCompressionMode) {
    OpenVPNCompressionModeDefault
 };
 /**
 Minimum TLS version options
 */
 typedef NS_ENUM(NSInteger, OpenVPNMinTLSVersion) {
    /// Don't specify a minimum, and disable any minimum specified in profile
    OpenVPNMinTLSVersionDisabled,
    /// Use TLS 1.0 minimum (overrides profile)
    OpenVPNMinTLSVersion10,
    /// Use TLS 1.1 minimum (overrides profile)
    OpenVPNMinTLSVersion11,
    /// Use TLS 1.2 minimum (overrides profile)
    OpenVPNMinTLSVersion12,
    /// Use profile minimum
    OpenVPNMinTLSVersionDefault
 };
@interface OpenVPNConfiguration : NSObject
 /**
@@ -134,4 +150,18 @@ typedef NS_ENUM(NSInteger, OpenVPNCompressionMode) {
 */
@property (nonatomic) NSInteger keyDirection;
 /**
 If YES, force ciphersuite to be one of:
 1. TLS_DHE_RSA_WITH_AES_256_CBC_SHA, or
 2. TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 and disable setting TLS minimum version.
 This is intended for compatibility with legacy systems.
 */
@property (nonatomic) BOOL forceCiphersuitesAESCBC;
 /**
 Override the minimum TLS version
 */
@property (nonatomic) OpenVPNMinTLSVersion minTLSVersion;
@end
@@ -261,4 +261,58 @@ using namespace openvpn;
    _config.defaultKeyDirection = keyDirection;
 }
 - (BOOL)forceCiphersuitesAESCBC {
    return _config.forceAesCbcCiphersuites;
 }
 -(void)setForceCiphersuitesAESCBC:(BOOL)forceCiphersuitesAESCBC {
    _config.forceAesCbcCiphersuites = forceCiphersuitesAESCBC;
 }
 - (OpenVPNMinTLSVersion)minTLSVersion {
    NSDictionary *options = @{
        @"disabled": @(OpenVPNMinTLSVersionDisabled),
        @"tls_1_0": @(OpenVPNMinTLSVersion10),
        @"tls_1_1": @(OpenVPNMinTLSVersion11),
        @"tls_1_2": @(OpenVPNMinTLSVersion12),
        @"default": @(OpenVPNMinTLSVersionDefault),
        @"": @(OpenVPNMinTLSVersionDefault)
    };
    NSString *currentValue = [NSString stringWithUTF8String:_config.tlsVersionMinOverride.c_str()];
    NSNumber *preference = options[currentValue];
    NSAssert(preference != nil, @"Incorrect minTLSVersion value");
    return (OpenVPNMinTLSVersion)[preference integerValue];
 }
 - (void)setMinTLSVersion:(OpenVPNMinTLSVersion)minTLSVersion {
    switch (minTLSVersion) {
        case OpenVPNMinTLSVersionDisabled:
            _config.tlsVersionMinOverride = "disabled";
            break;
        case OpenVPNMinTLSVersion10:
            _config.tlsVersionMinOverride = "tls_1_0";
            break;
        case OpenVPNMinTLSVersion11:
            _config.tlsVersionMinOverride = "tls_1_1";
            break;
        case OpenVPNMinTLSVersion12:
            _config.tlsVersionMinOverride = "tls_1_2";
            break;
        case OpenVPNMinTLSVersionDefault:
            _config.tlsVersionMinOverride = "default";
            break;
        default:
            NSAssert(NO, @"Incorrect OpenVPNMinTLSVersion value");
            break;
    }
 }
@end