Prefer Galois/Counter Mode (GCM) over Cipher Block Chaining (CBC) mode. Use the same...
authorKrzysztof Burghardt <krzysztof@burghardt.pl>
Wed, 28 Dec 2016 18:42:54 +0000 (19:42 +0100)
committerKrzysztof Burghardt <krzysztof@burghardt.pl>
Wed, 28 Dec 2016 18:42:54 +0000 (19:42 +0100)
src/configuration/VPNs/OpenVPN/client.conf
src/configuration/VPNs/OpenVPN/server.conf

index fae1618..8a63c5e 100644 (file)
@@ -113,7 +113,7 @@ ns-cert-type server
 # then you must also specify it here.
 ;cipher x
 # Attention: it must fit in 256 bytes, so not the infamous CipherStringB!
-tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
 cipher AES-256-CBC
 auth SHA384
 
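Review bot: The reordered `tls-cipher` list carries no comment explaining its order, so a later edit can easily re-sort it by key size and put CBC ahead of GCM again; I would add above it `# AEAD (GCM) suites first; CBC suites are fallbacks for peers without GCM support.` The same line is introduced in the server.conf hunk, where it also replaces the OpenSSL-style names and drops the non-DHE entries (`AES256-SHA`, `CAMELLIA256-SHA` and their 128-bit variants), so a peer that could only negotiate one of those will presumably no longer complete the handshake; that deserves a line in the commit message or the file. `tls-cipher` covers only the TLS control channel: the unchanged `cipher AES-256-CBC` below it still runs the data channel in CBC mode, so the preference stated in the commit title does not reach tunnel traffic. The two remaining fallbacks ending in `-CBC-SHA` still use HMAC-SHA1 and could be dropped in a follow-up if no supported peer needs them.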
index 535bf16..73c825d 100644 (file)
@@ -245,7 +245,7 @@ keepalive 10 120
 ;cipher AES-128-CBC   # AES
 ;cipher DES-EDE3-CBC  # Triple-DES
 # Attention: it must fit in 256 bytes, so not the infamous CipherStringB!
-tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
 cipher AES-256-CBC
 auth SHA384