[Openvpn-devel,18/25] dco: turn supported ciphers list into a function

Message ID 20220624083809.23487-19-a@unstable.cc
State Changes Requested
Series ovpn-dco: introduce data-channel offload support | expand

Commit Message

Antonio Quartulli June 23, 2022, 10:38 p.m. UTC
Other platforms may need more complex logic to decide whether a cipher
is supported or not, therefore turn the hardcoded list into a function
that each platform can implement independently.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/dco.c       |  4 ++--
 src/openvpn/dco.h       | 13 +++++++++++++
 src/openvpn/dco_linux.c |  6 ++++++
 src/openvpn/dco_linux.h |  1 -
 4 files changed, 21 insertions(+), 3 deletions(-)

Comments

Heiko Hund July 5, 2022, 2:31 a.m. UTC | #1
On Freitag, 24. Juni 2022 10:38:02 CEST Antonio Quartulli wrote:
> Other platforms may need more complex logic to decide whether a cipher
> is supported or not, therefore turn hardcoded list into a function that
> can be implemented by each platform independently.
> 
> Signed-off-by: Lev Stipakov <lev@openvpn.net>
> Signed-off-by: Antonio Quartulli <a@unstable.cc>

Trivial and compile-checked.

Acked-by: Heiko Hund <heiko@ist.eigentlich.net>

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 48e007ea..1612a64e 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -236,7 +236,7 @@  dco_check_option_conflict(int msglevel, const struct options *o)
 
     /* At this point the ciphers have already been normalised */
     if (o->enable_ncp_fallback
-        && !tls_item_in_cipher_list(o->ciphername, DCO_SUPPORTED_CIPHERS))
+        && !tls_item_in_cipher_list(o->ciphername, dco_get_supported_ciphers()))
     {
         msg(msglevel, "Note: --data-cipher-fallback with cipher '%s' "
             "disables data channel offload.", o->ciphername);
@@ -288,7 +288,7 @@  dco_check_option_conflict(int msglevel, const struct options *o)
     const char *token;
     while ((token = strsep(&tmp_ciphers, ":")))
     {
-        if (!tls_item_in_cipher_list(token, DCO_SUPPORTED_CIPHERS))
+        if (!tls_item_in_cipher_list(token, dco_get_supported_ciphers()))
         {
             msg(msglevel, "Note: cipher '%s' in --data-ciphers is not supported "
                 "by ovpn-dco, disabling data channel offload.", token);
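Review bot: `dco_get_supported_ciphers()` is now called once per loop iteration inside the `strsep` loop, so the list is re-fetched for every token of --data-ciphers. The Linux implementation just returns a literal so this is harmless today, but the commit message says other platforms may need "more complex logic", at which point repeated calls would be wasteful and, worse, could in principle return different answers mid-loop. Fetch it once before the loop, `const char *supported = dco_get_supported_ciphers();`, and use `tls_item_in_cipher_list(token, supported)` in the body. The enclosing `dco_check_option_conflict` begins and ends outside this hunk, so the declaration would go with the existing setup of `tmp_ciphers` above it.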
diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
index 4b945b50..66ae444f 100644
--- a/src/openvpn/dco.h
+++ b/src/openvpn/dco.h
@@ -200,6 +200,13 @@  void dco_install_iroute(struct multi_context *m, struct multi_instance *mi,
  */
 void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi);
 
+/**
+ * Retrieve the list of ciphers supported by the current platform
+ *
+ * @return                   list of colon-separated ciphers
+ */
+const char *dco_get_supported_ciphers();
+
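Review bot: The new prototype `const char *dco_get_supported_ciphers();` declares a function with an unspecified parameter list rather than one taking no arguments, which is still the C11 meaning of empty parentheses and will trip `-Wstrict-prototypes`; it should be `const char *dco_get_supported_ciphers(void);`. The Doxygen comment should also state ownership and lifetime of the returned buffer, since callers in dco.c pass it straight to `tls_item_in_cipher_list`: for example `@return static, NUL-terminated, colon-separated list of cipher names; the caller must not modify or free it`. Documenting that the list is static also tells future platform implementers that they may not return a heap or stack buffer.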
 #else /* if defined(ENABLE_DCO) */
 
 typedef void *dco_context_t;
@@ -301,5 +308,11 @@  dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi)
 {
 }
 
+static inline const char *
+dco_get_supported_ciphers()
+{
+    return "";
+}
+
 #endif /* defined(ENABLE_DCO) */
 #endif /* ifndef DCO_H */
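Review bot: The non-DCO stub `dco_get_supported_ciphers()` has the same empty-parentheses prototype problem as the real declaration and should be `dco_get_supported_ciphers(void)` so both branches of the `#if defined(ENABLE_DCO)` present an identical signature. A one-line comment on the stub would help too, e.g. `/* no DCO: report an empty cipher list so nothing is ever offloaded */`, since an empty string makes every `tls_item_in_cipher_list()` lookup fail by design.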
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 5e77139a..f86ea819 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -931,4 +931,10 @@  dco_event_set(dco_context_t *dco, struct event_set *es, void *arg)
     }
 }
 
+const char *
+dco_get_supported_ciphers()
+{
+    return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
+}
+
 #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
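Review bot: The Linux definition should be written `dco_get_supported_ciphers(void)` to match a proper prototype and to avoid an old-style definition warning. More importantly, the literal `"AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"` is now the only place userspace encodes what the kernel module can do, and it is presumably mirrored by the `enum ovpn_cipher_alg` mapping that `dco_cipher_t` (dco_linux.h) is built on; if the two drift, openvpn could advertise and negotiate a cipher it later fails to install into the kernel, which is a silent downgrade of the offload path rather than a clean refusal. A comment above the return such as `/* must match the algorithms known to the ovpn-dco module (enum ovpn_cipher_alg) */` would at least anchor that invariant for maintainers.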
diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h
index e0e59fa6..416ea30a 100644
--- a/src/openvpn/dco_linux.h
+++ b/src/openvpn/dco_linux.h
@@ -34,7 +34,6 @@ 
 typedef enum ovpn_key_slot dco_key_slot_t;
 typedef enum ovpn_cipher_alg dco_cipher_t;
 
-#define DCO_SUPPORTED_CIPHERS "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"
 
 typedef struct
 {