I have an openVPN 2.4.6 server, compiled with OpenSSL 1.1.1, which includes full support for tls 1.3.
On one of my 2.4.6 clients (also using openssl 1.1.1), I changed the
Code: Select all
tls-version-min
In this client config, I already had it set to prioritise the ChaCha20-Poly1305 tls cipher with the option
Code: Select all
tls-cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
This was working fine. On the client, it would connect with
Code: Select all
TLSv1.2, cipher TLSv1.2 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
Code: Select all
tls-version-min 1.3
Code: Select all
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Does tls 1.3 negate the affects of including
Code: Select all
tls-cipher