This update adds additional upstream changes to better handle deprecated ciphers. BF-CBC is now also deprecated completely in server configurations and it will no longer attempt to negotiate BF-CBC with clients. This is a port of the changes done to the Fedora 36 openvpn-2.5.7-2 build to EPEL-9.
These changes are a result of OpenSSL 3.0 being far more stricter on deprecated and weak ciphers than OpenSSL 1.1 and older.
Please login to add feedback.