Hi, thanks a lot Kurt.

> Anyway, that seems to mean that openvpn only supports TLS 1.0 for
> some reason. I have no idea how openvpn works, but if it uses
> TLS 1.0, it really should switch to 1.2 or 1.3.

According to https://community.openvpn.net/openvpn/wiki/Hardening , OpenVPN 2.3.3 and newer should support TLS version negotiation. After some poking around, I have figured out that the server is running 2.3.4. So one would expect that TLSv1.2 will work, but it doesn't. TLSv1 is confirmed in the log:

Sat Aug 25 15:33:33 2018 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

I will try to get the server upgraded to confirm that a newer version will basically work out of the box.

Sorry for the unnecessary noise.

Best,
Antonin