Update openvpn-client-tun.ovpn

essandess · web-flow · commit cfcf9e6d8268 · 2017-01-05T20:23:40.000-05:00
`tls-cipher` options based on latest openvpn
diff --git a/openvpn-client-tun.ovpn b/openvpn-client-tun.ovpn
@@ -35,9 +35,12 @@ MY CERT from ta.key
 verify-x509-name 'C=US, O=DomainName, OU=OpenVPN, CN=domainname.tld' subject
 ;auth-user-pass
 ;tls-remote server-domainname
-auth SHA512
 ;cipher BF-CBC  ; susceptible to SWEET32 attacks
 cipher AES-256-CBC
+; openvpn --show-tls | grep -e '^TLS' | grep -v 128 | grep -v -e 'SHA$' | grep -v GCM
+tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
+tls-version-min 1.2
+auth SHA512
 ;client-http-proxy 10.0.1.3 3128
 comp-lzo
 verb 3
