Allow user to set DTLS ciphers
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Apr 24, 2009
1 parent 7512134 commit 6a378a4
Showing 4 changed files with 15 additions and 1 deletion.
3 changes: 2 additions & 1 deletion cstp.c
Expand Up @@ -102,7 +102,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA\r\n\r\n");
openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");

if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
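Review bot: The new header line uses the GCC-only `?:` (Elvis) extension in `vpninfo->dtls_ciphers?:"AES256-SHA:..."`, which is not standard C and fails under other compilers or `-pedantic`; the portable form is `vpninfo->dtls_ciphers ? vpninfo->dtls_ciphers : "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA"`. The user-supplied string is interpolated into the X-DTLS-CipherSuite header via `%s` without any check, so a value the peer or the local OpenSSL build does not accept is only discovered later, and a value containing CR or LF would break the header framing; a comment that `dtls_ciphers` is sent to the server verbatim, plus a reject of strings containing `\r` or `\n` where the option is parsed, would make that contract explicit. The default list still advertises DES-CBC-SHA (single DES); that is pre-existing rather than introduced here, but a comment marking it as kept for compatibility only would help. `start_cstp_connection` begins and ends outside the hunk.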
5 changes: 5 additions & 0 deletions main.c
Expand Up @@ -77,6 +77,7 @@ static struct option long_options[] = {
{"passwd-on-stdin", 0, 0, '5'},
{"no-passwd", 0, 0, '6'},
{"reconnect-timeout", 1, 0, '7'},
{"dtls-ciphers", 1, 0, '8'},
{NULL, 0, 0, 0},
};

Expand Down Expand Up @@ -109,6 +110,7 @@ void usage(void)
printf(" --cookieonly Fetch webvpn cookie only; don't connect\n");
printf(" --printcookie Print webvpn cookie before connecting\n");
printf(" --cafile=FILE Cert file for server verification\n");
printf(" --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS\n");
printf(" --no-dtls Disable DTLS\n");
printf(" --no-passwd Disable password/SecurID authentication\n");
printf(" --passwd-on-stdin Read password from standard input\n");
Expand Down Expand Up @@ -206,6 +208,9 @@ int main(int argc, char **argv)
case '7':
vpninfo->reconnect_timeout = atoi(optarg);
break;
case '8':
vpninfo->dtls_ciphers = optarg;
break;
case 'C':
vpninfo->cookie = optarg;
break;
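Review bot: `case '8'` stores `optarg` unchecked, so `--dtls-ciphers=` with an empty value leaves `dtls_ciphers` as a non-NULL empty string, which in cstp.c bypasses the built-in default and sends an empty X-DTLS-CipherSuite header. Either reject the empty value with an error or map it back to the default, e.g. `vpninfo->dtls_ciphers = *optarg ? optarg : NULL;`. The usage line could also state the default so users know what they are overriding, e.g. `--dtls-ciphers=LIST OpenSSL cipher list to offer for DTLS (default: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA)`. As with `cookie` on the adjacent lines, the field appears to keep a pointer into argv rather than a copy, which is fine only as long as nothing later frees it; a one-line comment would make that explicit. `main` starts and ends outside the hunk.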
7 changes: 7 additions & 0 deletions openconnect.8
Expand Up @@ -95,6 +95,10 @@ openconnect \- Connect to Cisco AnyConnect VPN
.I FILE
]
[
.B --dtls-ciphers
.I LIST
]
[
.B --no-dtls
]
[
Expand Down Expand Up @@ -222,6 +226,9 @@ Print webvpn cookie before connecting
.B --cafile=FILE
Cert file for server verification
.TP
.B --dtls-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
.TP
.B --no-dtls
Disable DTLS
.TP
1 change: 1 addition & 0 deletions openconnect.h
Expand Up @@ -143,6 +143,7 @@ struct openconnect_info {
char *username;
char *password;
int nopasswd;
char *dtls_ciphers;

char *cookie;
struct vpn_option *cookies;
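Review bot: The new `dtls_ciphers` member carries no note of its ownership or expected format, and from the main.c hunk in this commit it is assigned `optarg` directly, so it points into argv and must not be freed with any owned strings in the struct. Suggest `char *dtls_ciphers; /* OpenSSL cipher-list string to offer for DTLS; NULL = built-in default; borrowed (points at argv), never freed */`. Since nothing visible writes through it, `const char *` would also document that it is read-only, if the rest of the struct's conventions allow. `struct openconnect_info` begins and continues outside the hunk.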
