Deprecated cypher options used

[animalillo]

Openvpn server is throwing this warning on the logs:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

There do not seem to be options to set up this on the module.

[kyl191]

You can set the cipher to AES-256-GCM - that's a supported option. But data-cipher isn't supported other than through openvpn_addl_server_options.

Reading https://community.openvpn.net/openvpn/wiki/CipherNegotiation it seems like the best path forward would be to let OpenVPN use the builtin defaults, but that's not backward compatible.

I'm changing the role to use AES-256-GCM:AES-128-GCM:AES-256-CBC as the default data-cipher because that overlaps with the current default of AES-256-CBC.