Force AES-CBC ciphersuites and TLS_ERROR

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Sini
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 08, 2016 1:20 pm

Force AES-CBC ciphersuites and TLS_ERROR

Post by Sini » Wed Jun 08, 2016 1:33 pm

* The OpenVPN Setting "Force AES-CBC ciphersuites" is now off by
default. If you experience connection issues with this change,
you can easily turn it back on in the Settings App under OpenVPN.
What is the command to turn on this option? Since update 1.0.7 I can't connect with clients.

Client Config
dev tun
comp-lzo No
verb 3
proto tcp
remote Openvpn.... 443
cipher AES-256-CBC
key-direction 1
tls-auth
remote-cert-tls server
tls-remote openvpn...
ca

Error
TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS_ERROR

Post by TinCanTech » Wed Jun 08, 2016 2:22 pm

Please see:
viewtopic.php?f=36&t=21813

SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher - The server and client have no shared ciphers .. perhaps "Force AES-CBC ciphersuites" will remedy this ..


Re: Force AES-CBC ciphersuites and TLS_ERROR

Post by Sini » Wed Jun 08, 2016 2:42 pm

I tried manually turning on Force AES-CBC ciphersuites and it works, but I deploy the config automatically.


Would be the command for client config
Force AES-CBC ciphersuites enabled


Re: Force AES-CBC ciphersuites and TLS_ERROR

Post by Sini » Wed Jun 08, 2016 3:23 pm

To be more specific, I deploy the connection settings via MDM when the app is installed.
I use the commands posted above, but this Force setting is part of the Advanced Settings in the iOS app.
Is there a way to enable this setting via configuration?

sanjayzed
OpenVpn Newbie
Posts: 5
Joined: Mon Jun 06, 2016 6:45 pm

Re: Force AES-CBC ciphersuites and TLS_ERROR

Post by sanjayzed » Mon Jun 13, 2016 12:48 am

Can you try with auth & cipher as none on both the client and server side, and delete the tls-auth data in the client config?

Please share your logs as well.
