luci-app-openvpn: update tls_cipher list

Update the list of selectable TLS cipher suites.

The previous list consisted mostly of unsupported ciphers and the IANA
names should be used.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua

@@ -679,25 +679,27 @@ local knownParams = {
 		{ DynamicList,
 			"tls_cipher",
 			{
-				"DHE-RSA-AES256-SHA",
+				"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
-				"DHE-DSS-AES256-SHA",
+				"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
-				"AES256-SHA",
+				"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
-				"EDH-RSA-DES-CBC3-SHA",
+				"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
-				"EDH-DSS-DES-CBC3-SHA",
+				"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
-				"DES-CBC3-SHA",
+				"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
-				"DHE-RSA-AES128-SHA",
+				"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
-				"DHE-DSS-AES128-SHA",
+				"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
-				"AES128-SHA",
+				"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
-				"RC4-SHA",
+				"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
-				"RC4-MD5",
+				"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
-				"EDH-RSA-DES-CBC-SHA",
+				"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
-				"EDH-DSS-DES-CBC-SHA",
+				"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
-				"DES-CBC-SHA",
+				"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
-				"EXP-EDH-RSA-DES-CBC-SHA",
+				"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
-				"EXP-EDH-DSS-DES-CBC-SHA",
+				"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
-				"EXP-DES-CBC-SHA",
+				"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
-				"EXP-RC2-CBC-MD5",
+				"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
-				"EXP-RC4-MD5"
+				"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+				"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+				"TLS-DHE-RSA-WITH-AES-128-CBC-SHA"
 			},
 			translate("TLS cipher") },
 		{ DynamicList,