+ # For additional privacy, a shared secret key
+ # can be used for both authentication (as in tls_auth)
+ # and encryption of the TLS control channel.
+ #
+ # Generate a shared secret with:
+ # openvpn --genkey --secret ta.key
+ #
+ # The server and each client must have
+ # a copy of this key.
+ #
+ # tls_auth and tls_crypt should NOT
+ # be combined, as tls_crypt implies tls_auth.
+ # Use EITHER tls_crypt, tls_auth, or neither option.
+# option tls_crypt "/etc/openvpn/ta.key"
+
+ # Set the minimum required TLS protocol version
+ # for all connections.
+ #
+ # Require at least TLS 1.1
+# option tls_version_min "1.1"
+ # Require at least TLS 1.2
+# option tls_version_min "1.2"
+ # Require TLS 1.2, or the highest version supported
+ # on the system
+# option tls_version_min "1.2 'or-highest'"
+
+ # OpenVPN versions 2.4 and later will attempt to
+ # automatically negotiate the most secure cipher
+ # between the client and server, regardless of a
+ # configured "option cipher" (see below).
+ # Automatic negotiation is recommended.
+ #
+ # Uncomment this option to disable this behavior,
+ # and force all OpenVPN peers to use the configured
+ # cipher option instead (not recommended).
+# option ncp_disable
+