From 9f22543b5bf24d93ae4132a5cef9599d7a2e0487 Mon Sep 17 00:00:00 2001
From: Martin Schiller <ms@dev.tdt.de>
Date: Thu, 18 Jul 2019 12:38:06 +0200
Subject: [PATCH] luci-app-openvpn: add new tls_ciphersuites option

This is used to configure ciphers for TLS 1.3 or newer.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
---
 .../luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 41581f4c7..2bf36cb27 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -680,6 +680,10 @@ local knownParams = {
 			"tls_cipher",
 			"DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5",
 			translate("TLS cipher") },
+		{ Value,
+			"tls_ciphersuites",
+			"TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256",
+			translate("TLS 1.3 or newer cipher") },
 		{ Value,
 			"tls_timeout",
 			2,
-- 
2.25.1