From f4e4e9659535670396debb53e1b16aac5288583b Mon Sep 17 00:00:00 2001
From: hybtoy
Date: Tue, 26 Sep 2017 15:04:34 +0500
Subject: [PATCH] Update openvpn-install.sh Add: 1. TLS Cipher - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 2. HMAC Auth - SHA224
---
 openvpn-install.sh | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 4bd0e58..ba8c7af 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -419,8 +419,9 @@ else
 elif [[ "$CERT_TYPE" = '2' ]]; then
 echo " 1) ECDHE-RSA-AES-256-GCM-SHA384 (recommended)"
 echo " 2) ECDHE-RSA-AES-128-GCM-SHA256"
- while [[ $CC_ENC != "1" && $CC_ENC != "2" ]]; do
- read -p "Control channel cipher [1-2]: " -e -i 1 CC_ENC
+ echo " 3) DHE-RSA-AES-128-GCM-SHA256"
+ while [[ $CC_ENC != "1" && $CC_ENC != "2" && $CC_ENC != "3" ]]; do
+ read -p "Control channel cipher [1-3]: " -e -i 1 CC_ENC
 done
 case $CC_ENC in
 1)
@@ -429,6 +430,9 @@ else
 2)
 CC_ENC="TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"
 ;;
+ 3)
+ CC_ENC="TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"
+ ;;
 esac
 fi
 echo ""
@@ -447,20 +451,24 @@ else
 echo "Choose which message digest algorithm you want to use for the data channel packets"
 echo "and the tls-auth/tls-crypt control channel packets:"
 fi
- echo " 1) SHA-256"
- echo " 2) SHA-384 (recommended)"
- echo " 3) SHA-512"
- while [[ $HMAC_AUTH != "1" && $HMAC_AUTH != "2" && $HMAC_AUTH != "3" ]]; do
+ echo " 1) SHA-224"
+ echo " 2) SHA-256"
+ echo " 3) SHA-384 (recommended)"
+ echo " 4) SHA-512"
+ while [[ $HMAC_AUTH != "1" && $HMAC_AUTH != "2" && $HMAC_AUTH != "3" && $HMAC_AUTH != "4" ]]; do
 read -p "HMAC authentication algorithm [1-3]: " -e -i 2 HMAC_AUTH
 done
 case $HMAC_AUTH in
 1)
- HMAC_AUTH="SHA256"
+ HMAC_AUTH="SHA224"
 ;;
 2)
- HMAC_AUTH="SHA384"
+ HMAC_AUTH="SHA256"
 ;;
 3)
+ HMAC_AUTH="SHA384"
+ ;;
+ 4)
 HMAC_AUTH="SHA512"
 ;;
 esac
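Review bot: The new menu entry `3) DHE-RSA-AES-128-GCM-SHA256` in the `@@ -419,8 +419,9 @@` hunk, and its `3)` case arm in the `@@ -429,6 +430,9 @@` hunk, carry no hint that this suite's key exchange depends on the server's DH parameters, unlike the two ECDHE choices above it. How those parameters are generated is not visible in these hunks, so this is a documentation request rather than a confirmed defect. I would add a comment above the new arm such as `# DHE: key-exchange strength is bounded by the server's dh parameters; confirm the script generates >= 2048 bits and does not disable dh when this suite is chosen`. The enclosing `if`/`elif` chain starts and ends outside the hunk.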
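Review bot: In the `@@ -447,20 +451,24 @@` hunk the `read` line was left as unchanged context, so it still prompts `[1-3]` and pre-fills `-i 2` although four options now exist and SHA-384 (recommended) has moved to 3. Pressing Enter on the default therefore now selects SHA-256 instead of the recommended digest, and option 4 is never advertised. The line should become `read -p "HMAC authentication algorithm [1-4]: " -e -i 3 HMAC_AUTH`. Because the `while` guard skips the prompt when `HMAC_AUTH` already holds a valid number, any caller that pre-sets it numerically (not visible here) would also get a different, weaker digest than before. Appending SHA-224 as the last option instead of inserting it as 1 would keep the existing numbering stable.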