Revert to non-ECDHE-cipher due to openvpn issue #963

openvpn-config/client.conf

@@ -44,13 +44,10 @@ cipher AES-256-GCM
 auth SHA256
 
 # Use this specific cipher to secure the control channel
-tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
 
 # Only allow TLS version 1.2 and higher
 tls-version-min "1.2"
-
-# Use this elliptic curve for ECDHE within chosen tls-cipher
-ecdh-curve brainpoolP512r1
 ### END BLOCK CRYPTOGRAPHY
 
 # Reduce connection timeout so connection problems are visible sooner

openvpn-config/server.conf

@@ -20,7 +20,7 @@ tls-server
 
 # Diffie-Hellman parameter file
 # (not needed for TLS cipher with ECDHE instead of DHE)
-dh none
+dh inform/dh.pem
 
 # Certificate revocation list location
 # Make sure this file is always valid, otherwise OpenVPN refuses to (re)start!
@@ -99,13 +99,10 @@ cipher AES-256-GCM
 auth SHA256
 
 # Use this specific cipher to secure the control channel
-tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
 
 # Only allow TLS version 1.2 and higher
 tls-version-min "1.2"
-
-# Use this elliptic curve for ECDHE within chosen tls-cipher
-ecdh-curve brainpoolP512r1
 ### END BLOCK CRYPTOGRAPHY
 
 # Disable cipher negotiation on server side