Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:debian_upgrade_11_12 [2025/03/20 12:30] – [OpenVPN BF-CBC not supported] niccolo
+++ doc:appunti:linux:sa:debian_upgrade_11_12 [2025/06/24 11:53] (current) – [Configuration with TLS] niccolo
@@ Line 145: / Line 145: @@
 <code>
-# OpenVPN 2.6 using TLS should use the --data-ciphers option.
+# The --cipher option should not be used any longer with OpenVPN 2.6 in TLS mode.
-data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
+#cipher AES-256-CBC
+# Use --data-ciphers adding the AES-256-CBC to the default value, e.g. for OpenVPN 2.3 clients.
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
+# Use --data-ciphers-fallback for peers that are old or have negotiation disabled,
+# e.g. peers running OpenVPN 2.3 or older, or some embedded devices.
 data-ciphers-fallback AES-256-CBC
 </code>