diff --git a/openvpn-config/client.conf b/openvpn-config/client.conf
index 0828569..4b9744f 100644
--- a/openvpn-config/client.conf
+++ b/openvpn-config/client.conf
@@ -44,13 +44,10 @@ cipher AES-256-GCM
 auth SHA256
 # Use this specific cipher to secure the control channel
-tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
 # Only allow TLS version 1.2 and higher
 tls-version-min "1.2"
-
-# Use this elliptic curve for ECDHE within chosen tls-cipher
-ecdh-curve brainpoolP512r1
 ### END BLOCK CRYPTOGRAPHY
 # Reduce connection timeout so connection problems are visible sooner
diff --git a/openvpn-config/server.conf b/openvpn-config/server.conf
index 224ec06..9430dba 100644
--- a/openvpn-config/server.conf
+++ b/openvpn-config/server.conf
@@ -20,7 +20,7 @@ tls-server
 # Diffie-Hellman parameter file
 # (not needed for TLS cipher with ECDHE instead of DHE)
-dh none
+dh inform/dh.pem
 # Certificate revocation list location
 # Make sure this file is always valid, otherwise OpenVPN refuses to (re)start!
@@ -99,13 +99,10 @@ cipher AES-256-GCM
 auth SHA256
 # Use this specific cipher to secure the control channel
-tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
 # Only allow TLS version 1.2 and higher
 tls-version-min "1.2"
-
-# Use this elliptic curve for ECDHE within chosen tls-cipher
-ecdh-curve brainpoolP512r1
 ### END BLOCK CRYPTOGRAPHY
 # Disable cipher negotiation on server side
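Review bot: Switching the `tls-cipher` line from an ECDHE to a DHE suite makes the strength of the TLS key exchange depend entirely on the server's finite-field DH group, so the new `inform/dh.pem` on the server side must be a freshly generated group of at least 2048 bits — 3072 or larger is a better match for an AES-256/SHA-384 suite — and that requirement is not stated anywhere in this commit. Dropping `ecdh-curve brainpoolP512r1` is consistent, since the curve has no effect once no ECDHE suite can be negotiated, but the reason for moving away from ECDHE should be recorded above the directive, e.g. `# DHE chosen over ECDHE: the group comes from the server's dh.pem; keep this line in sync with server.conf`. The same replacement appears in the second server.conf hunk (lines 99-109), so the comment belongs in both files. If the deployment runs OpenVPN 2.5 or later, `tls-cipher` only restricts TLS 1.2 suites and TLS 1.3 negotiation is governed by `tls-ciphersuites`, so it is worth confirming that the intended restriction still holds there.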
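Review bot: The two comment lines directly above the new `dh inform/dh.pem` still say the parameter file is not needed because ECDHE is used, which this same commit reverses; they should now read `# Diffie-Hellman parameter file` and `# (required: the DHE tls-cipher below takes its group from this file)`. The path is relative, so OpenVPN resolves it against the working directory of the process (or a `cd` directive, if one exists outside this hunk) rather than against the location of server.conf — an absolute path, or a comment stating where `inform/` must live, avoids a refused start that only shows up in the service log. The file should also be generated for this deployment rather than copied from elsewhere (for example with `openssl dhparam`), be at least 2048 bits, and be readable by the account OpenVPN runs as while not being writable by it, since a tampered group weakens every session even though DH parameters themselves are not secret.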