Revert to non-ECDHE-cipher due to openvpn issue #963
parent
f70f10558b
commit
439a265852
|
@ -44,13 +44,10 @@ cipher AES-256-GCM
|
|||
auth SHA256
|
||||
|
||||
# Use this specific cipher to secure the control channel
|
||||
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
|
||||
# Only allow TLS version 1.2 and higher
|
||||
tls-version-min "1.2"
|
||||
|
||||
# Use this elliptic curve for ECDHE within chosen tls-cipher
|
||||
ecdh-curve brainpoolP512r1
|
||||
### END BLOCK CRYPTOGRAPHY
|
||||
|
||||
# Reduce connection timeout so connection problems are visible sooner
|
||||
|
|
|
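Review bot: The comment above tls-cipher in this hunk still says only "Use this specific cipher to secure the control channel", so the reason for using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 instead of the ECDHE suite is recorded only in the commit title. Add a comment line beside tls-cipher that names openvpn issue #963 as the reason for the DHE suite, so a later reader knows the ECDHE suite and the "ecdh-curve brainpoolP512r1" line can be restored once that issue no longer applies. Since exactly one suite is pinned, this file and its peer configuration have to be rolled out together, otherwise the two sides have no control-channel cipher in common.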
@ -20,7 +20,7 @@ tls-server
|
|||
|
||||
# Diffie-Hellman parameter file
|
||||
# (not needed for TLS cipher with ECDHE instead of DHE)
|
||||
dh none
|
||||
dh inform/dh.pem
|
||||
|
||||
# Certificate revocation list location
|
||||
# Make sure this file is always valid, otherwise OpenVPN refuses to (re)start!
|
||||
|
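Review bot: The unchanged comment "# (not needed for TLS cipher with ECDHE instead of DHE)" directly above the dh line is now stale, because after this change the configuration loads "dh inform/dh.pem" and the control channel uses a DHE suite. Drop that line or reword it to say the file is required while the DHE suite is in use. The strength of the key exchange now depends on this parameter file, and nothing in the visible lines says how inform/dh.pem is generated or what size it must have; a one-line comment stating the expected parameter size and how the file is created would make that checkable.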
@ -99,13 +99,10 @@ cipher AES-256-GCM
|
|||
auth SHA256
|
||||
|
||||
# Use this specific cipher to secure the control channel
|
||||
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
|
||||
# Only allow TLS version 1.2 and higher
|
||||
tls-version-min "1.2"
|
||||
|
||||
# Use this elliptic curve for ECDHE within chosen tls-cipher
|
||||
ecdh-curve brainpoolP512r1
|
||||
### END BLOCK CRYPTOGRAPHY
|
||||
|
||||
# Disable cipher negotiation on server side
|
||||
|
|
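Review bot: The tls-cipher line in this hunk only works together with the "dh inform/dh.pem" change in the hunk at -20, since a DHE suite cannot be negotiated while the server has "dh none"; say so in the comment above tls-cipher so the two settings are not changed independently later. This cryptography block is also a verbatim copy of the one changed in the hunk at -44, so the same one-suite value has to be edited in two places and can drift; consider keeping the shared lines in one included file, or at least add a comment pointing to the other copy.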