Commit 5a933303 authored by David Woodhouse's avatar David Woodhouse

Add --dtls12-ciphers option

Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent cbe8d36e
......@@ -284,9 +284,12 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
}
if (vpninfo->dtls_ciphers)
buf_append(reqbuf, "X-DTLS-CipherSuite: %s\r\n", vpninfo->dtls_ciphers);
else {
if (vpninfo->dtls_ciphers || vpninfo->dtls12_ciphers) {
if (vpninfo->dtls_ciphers)
buf_append(reqbuf, "X-DTLS-CipherSuite: %s\r\n", vpninfo->dtls_ciphers);
if (vpninfo->dtls12_ciphers)
buf_append(reqbuf, "X-DTLS12-CipherSuite: %s\r\n", vpninfo->dtls12_ciphers);
} else {
struct oc_text_buf *dtls_cl, *dtls12_cl;
dtls_cl = buf_alloc();
......
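Review bot: Both cipher strings are written into the request verbatim, e.g. `buf_append(reqbuf, "X-DTLS12-CipherSuite: %s\r\n", vpninfo->dtls12_ciphers)`, so a value containing CR or LF would end the header early and put extra lines into the request. The value appears to come from the command line or a config file, so this is a hardening point rather than a remotely reachable one. Still, a guard such as `strpbrk(vpninfo->dtls12_ciphers, "\r\n")` before the append, or where the option is parsed, would keep the request well-formed; the same applies to `dtls_ciphers`. Separately, giving either option now skips the `else` branch, which appears to build the default lists for both headers, and that interaction deserves a comment above the outer `if`, for example `/* An explicit list for either DTLS version disables the built-in defaults for both */`. The body of start_cstp_connection starts and ends outside the hunk.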
......@@ -158,6 +158,7 @@ enum {
OPT_CSD_WRAPPER,
OPT_DISABLE_IPV6,
OPT_DTLS_CIPHERS,
OPT_DTLS12_CIPHERS,
OPT_DUMP_HTTP,
OPT_FORCE_DPD,
OPT_GNUTLS_DEBUG,
......@@ -251,6 +252,7 @@ static const struct option long_options[] = {
OPTION("no-passwd", 0, OPT_NO_PASSWD),
OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT),
OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS),
OPTION("dtls12-ciphers", 1, OPT_DTLS12_CIPHERS),
OPTION("authgroup", 1, OPT_AUTHGROUP),
OPTION("servercert", 1, OPT_SERVERCERT),
OPTION("resolve", 1, OPT_RESOLVE),
......@@ -1307,6 +1309,9 @@ int main(int argc, char **argv)
case OPT_DTLS_CIPHERS:
vpninfo->dtls_ciphers = keep_config_arg();
break;
case OPT_DTLS12_CIPHERS:
vpninfo->dtls12_ciphers = keep_config_arg();
break;
case OPT_AUTHGROUP:
authgroup = keep_config_arg();
break;
......
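Review bot: The new option is added to the enum, to `long_options` and to the switch in `main()`, but none of the visible hunks in this file adds it to the program's built-in help text, so `--help` may not list it even though the man page does. If this file carries a usage listing with an entry for `--dtls-ciphers=LIST`, a matching `--dtls12-ciphers=LIST` line using the man page's wording should sit next to it. `main()` starts and ends outside the hunk, so this is inferred from what is shown.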
......@@ -427,6 +427,7 @@ struct openconnect_info {
int nopasswd;
int xmlpost;
char *dtls_ciphers;
char *dtls12_ciphers;
char *csd_wrapper;
int no_http_keepalive;
int dump_http_traffic;
......
......@@ -48,6 +48,7 @@ openconnect \- Multi-protocol VPN client, for Cisco AnyConnect VPNs and others
.OP \-\-cafile file
.OP \-\-disable\-ipv6
.OP \-\-dtls\-ciphers list
.OP \-\-dtls12\-ciphers list
.OP \-\-dtls\-local\-port port
.OP \-\-dump\-http\-traffic
.OP \-\-no\-system\-trust
......@@ -368,6 +369,9 @@ Do not advertise IPv6 capability to server
.B \-\-dtls\-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
.TP
.B \-\-dtls12\-ciphers=LIST
Set OpenSSL ciphers for Cisco's DTLS v1.2
.TP
.B \-\-dtls\-local\-port=PORT
Use
.I PORT
......