Harden SSL VPN (OpenVPN) Configuration
SSLVPN uses a weak cipher, AES-128-CBC, which is rapidly aging at this point. Couple that with a lack of TLS Auth protection and you have a pretty insecure implementation of OpenVPN. Either up your game and default to a stronger cipher or let us decide which one we want. Also need the ability to enable TLS Auth if we so desire.
Is it possible to change the settings as Andrew suggested on the existing configuration without messing it up for remote users?
If not, can I configure a new config side-by-side with the existing one? How can I get an SSLVPN client package prepared in such a case for the new configuration?
Apparently it uses TLS though it's v1
"Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA"
Also, you can change the cipher in the SSL VPN Configuration Settings.
"Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key"
"Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication"
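The log lines quoted in this thread show what a session actually negotiated, so they can be checked against a minimum policy after a configuration change. The following is an added example, not part of the original thread or of any vendor tooling; the thresholds and the function names `audit` and `tls_tuple` are assumptions made for illustration.

```python
import re

# Policy thresholds are assumptions for this example, not values from the thread.
MIN_TLS = (1, 2)
MIN_RSA_BITS = 2048
MIN_KEY_BITS = 256
MIN_HMAC_BITS = 256

# Patterns match the three log line formats quoted in the thread.
CONTROL = re.compile(r"Control Channel: TLSv(\d+(?:\.\d+)?), cipher \S+ ([^,\s]+), (\d+) bit RSA")
CIPHER = re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)' initialized with (\d+) bit key")
HMAC = re.compile(r"Data Channel (?:Encrypt|Decrypt): Using (\d+) bit message hash '([^']+)'")

def tls_tuple(text):
    """Turn '1' into (1, 0) and '1.2' into (1, 2) so versions compare correctly."""
    major, _, minor = text.partition(".")
    return int(major), int(minor or 0)

def audit(lines):
    """Return a list of findings for the negotiated parameters in OpenVPN log lines."""
    findings, seen = [], set()
    for line in lines:
        if m := CONTROL.search(line):
            seen.add("control channel")
            version, suite, rsa_bits = m.groups()
            if tls_tuple(version) < MIN_TLS:
                findings.append(f"control channel: TLSv{version} ({suite}) is below TLSv1.2")
            if int(rsa_bits) < MIN_RSA_BITS:
                findings.append(f"control channel: {rsa_bits} bit RSA key")
        elif m := CIPHER.search(line):
            seen.add("data cipher")
            name, bits = m.groups()
            if int(bits) < MIN_KEY_BITS:
                findings.append(f"data channel: {name} uses a {bits} bit key")
        elif m := HMAC.search(line):
            seen.add("data HMAC")
            bits, name = m.groups()
            if int(bits) < MIN_HMAC_BITS:
                findings.append(f"data channel: {name} HMAC is {bits} bits")
    # A setting with no log line could not be verified, which is reported too.
    for item in ("control channel", "data cipher", "data HMAC"):
        if item not in seen:
            findings.append(f"{item}: no log line found, cannot verify")
    return findings

# The three log lines quoted in the thread.
THREAD_LOG = [
    "Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA",
    "Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key",
    "Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication",
]
# Constructed line for the AES-128-CBC default the original request describes.
WEAK_LOG = ["Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key"]
```

Calling `audit(THREAD_LOG)` reports only the TLSv1 control channel, while `audit(WEAK_LOG)` reports the 128 bit data cipher plus the two settings it could not verify.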