openvpn: add support for tls-version-min

Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2 files changed, 2 insertions, 2 deletions

diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 69f24c4761..e0e1b124c3 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
 
 PKG_VERSION:=2.3.10
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init
index 5396d0bf47..6dac7b3fa1 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -121,7 +121,7 @@ start_instance() {
 		reneg_bytes reneg_pkts reneg_sec \
 		replay_persist replay_window resolv_retry route route_delay route_gateway \
 		route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \
-		socks_proxy status status_version syslog tcp_queue_limit tls_auth \
+		socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \
 		tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
 		tun_mtu tun_mtu_extra txqueuelen user verb down push up \
 		verify_x509_name x509_username_field \