OpenVPN option line is limited to 256 characters and IANA format is longer
than OpenSSL one. Following ciphers where removed to keep length limit:
- DHE-RSA-CAMELLIA128-SHA (IANA name TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA),
- DHE-RSA-AES128-SHA (TLS-DHE-RSA-WITH-AES-128-CBC-SHA),
- CAMELLIA256-SHA (TLS-RSA-WITH-CAMELLIA-256-CBC-SHA),
- AES256-SHA (TLS-RSA-WITH-AES-256-CBC-SHA),
- CAMELLIA128-SHA (TLS-RSA-WITH-CAMELLIA-128-CBC-SHA),
- AES128-SHA (TLS-RSA-WITH-AES-128-CBC-SHA).
# then you must also specify it here.
;cipher x
# Attention: it must fit in 256 bytes, so not the infamous CipherStringB!
-tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA384