From 56fad22cad64dbb176b26a8ac83546958a880b4a Mon Sep 17 00:00:00 2001
From: Angristan <stanislas.lange@protonmail.com>
Date: Thu, 16 Feb 2017 18:30:40 +0100
Subject: [PATCH] Disable DH and enable ECDH

cf. https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage#lbAK
---
 openvpn-install.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index dfe9954..199b355 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -403,7 +403,6 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
 	# Create the PKI, set up the CA, the DH params and the server + client certificates
 	./easyrsa init-pki
 	./easyrsa --batch build-ca nopass
-	openssl dhparam $DH_KEY_SIZE -out dh.pem
 	./easyrsa build-server-full server nopass
 	./easyrsa build-client-full $CLIENT nopass
 	./easyrsa gen-crl
@@ -461,7 +460,7 @@ ca ca.crt
 cert server.crt
 key server.key
 tls-auth tls-auth.key 0
-dh dh.pem
+dh none
 auth SHA256
 $CIPHER
 tls-server