> > cipher AES-256-CBC
> > auth SHA256
>
> AES-256-GCM is what you want, because it's less overhead than -CBC+SHA
> (AEAD, crypt-and-hash in one go)

tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA256
dh none
ecdh-curve secp384r1

like on https://www.privacy-handbuch.de/handbuch_97a.htm ?

> And, if all your systems are 2.4+ and you do not change --ncp-disable or
> --ncp-ciphers, is what you get automatically anyway. :-)

Which they are not :( The IGEL Client uses 2.3.10 :(

Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de