From 316ecfe7f4e9101be82e7e163e0ec821916645af Mon Sep 17 00:00:00 2001
From: Angristan
Date: Sun, 11 Dec 2016 12:11:11 +0100
Subject: [PATCH] Use SHA-256 instead of SHA-384

Following https://github.com/Angristan/OpenVPN-install/commit/693bd13fa723b8d5077539a7208f759c51c04a06
---
 openvpn-install.sh | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index f68428b..5ddbd67 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -400,7 +400,6 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
 rm -rf ~/EasyRSA-3.0.1.tgz
 cd /etc/openvpn/easy-rsa/
 echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars
- echo 'set_var EASYRSA_DIGEST "sha384"' >> vars
 # Create the PKI, set up the CA, the DH params and the server + client certificates
 ./easyrsa init-pki
 ./easyrsa --batch build-ca nopass
@@ -463,11 +462,11 @@ cert server.crt
 key server.key
 tls-auth tls-auth.key 0
 dh dh.pem
-auth SHA384
+auth SHA256
 $CIPHER
 tls-server
 tls-version-min 1.2
-tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
 status openvpn.log
 verb 3" >> /etc/openvpn/server.conf
@@ -580,11 +579,11 @@ nobind
 persist-key
 persist-tun
 remote-cert-tls server
-auth SHA384
+auth SHA256
 $CIPHER
 tls-client
 tls-version-min 1.2
-tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
 setenv opt block-outside-dns
 verb 3" >> /etc/openvpn/client-template.txt
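Review bot: The new `tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256` line in the server.conf text lowers the control-channel AES key from 256 to 128 bits, which the commit title ("Use SHA-256 instead of SHA-384") does not mention. TLS 1.2 defines no AES-256-GCM suite paired with SHA-256, so the key-size change follows from the hash choice; that should be recorded next to the setting, e.g. `# TLS 1.2 pairs SHA256 only with AES-128-GCM; control channel is AES-128 by design` above the `echo`. The same literal is repeated in the client-template hunk (`-580,11`), and with a single pinned suite the two must be identical for the handshake to succeed. I would define `TLS_CIPHER="TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"` once and write `tls-cipher $TLS_CIPHER` in both strings, the way `$CIPHER` is already expanded there. The `echo "…"` that opens this string starts outside the hunk.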
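Review bot: Client profiles generated from the previous template keep `auth SHA384` and the old `tls-cipher`, and nothing in the client-template hunk or the commit message says they must be regenerated if a server is moved to the new values. `auth` also selects the HMAC used by `tls-auth`, so a mismatch typically surfaces as HMAC authentication failures in the log rather than as a clear negotiation error. A comment above the template text, `# auth and tls-cipher must match server.conf; regenerate client profiles after changing either`, would record that for operators. The `echo` that opens this string is outside the hunk.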