From 0819a01942bb111a3e826c7ef3c0dd4c6b5084cc Mon Sep 17 00:00:00 2001
From: Stephan de Wit <stephan.de.wit@deciso.com>
Date: Mon, 16 Dec 2024 17:13:06 +0100
Subject: [PATCH] ipsec: remove hashing algorithm from null cipher

---
 .../models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
index 3239ebf69..aac2bb2a1 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
@@ -114,7 +114,7 @@ class IPsecProposalField extends BaseListField
                 'aes256-sha512-ecp521' => null,
             ],
             /* AEAD algorithms */
-            gettext('Commonly used AES with Galois/Counter Mode') => [
+            gettext('Commonly used combined-mode (AEAD) ciphers') => [
                 ...$this->AeadAlgorithms()
             ],
             gettext('Commonly used, but insecure cipher suites') => [
@@ -124,7 +124,7 @@ class IPsecProposalField extends BaseListField
                 'aes256-sha1-ecp521' => 'aes256-sha1-ecp521 [DH21, NIST EC]',
                 'aes256-sha512-modp1024' => 'aes256-sha512-modp1024 [DH2]',
                 'aes256-sha256' => 'aes256-sha256',
-                'null-sha256-x25519' => gettext('null-sha256-x25519 (testing only, no encryption!)')
+                'null' => gettext('null (testing only, no encryption and no integrity checking!)')
             ]
         ];
     }