OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: geek on May 20, 2023, 07:05:07 PM

Title: Encryption algorithm (deprecated)
Post by: geek on May 20, 2023, 07:05:07 PM
While making a new OpenVPN server in OPNsense (road warrior / remote access)
I saw "Encryption Algorithm" had a text saying "deprecated"
with the following line:

"Cipher selection for older clients. Only preserved for backwards compatibility reasons."

Does that mean that it will auto-negotiate and select the encryption algorithm when the client connects to the OpenVPN server on OPNsense? (For a while I thought encryption altogether is disabled, but that seemed silly :P)
Title: Re: Encryption algorithm (deprecated)
Post by: Patrick M. Hausen on May 20, 2023, 08:25:03 PM
The client and the server will negotiate the "best" encryption both sides support, for some value of "best". If the client only supports deprecated algorithms and you disable this selection on the server side, a connection will not be established. If you enable it, this client will be able to establish a connection with possibly broken algorithms.
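
A simplified model of the behaviour described in the reply above, added here as an example; it is not part of the original thread and is not OPNsense or OpenVPN code. It assumes the negotiable list corresponds to OpenVPN's `data-ciphers` option and the deprecated field to `data-ciphers-fallback`; the function names and cipher lists are constructed for illustration.

```python
from typing import Dict, Optional, Sequence

# 64-bit block ciphers (exposed to SWEET32); used here as the "deprecated" set.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}


def select_cipher(server_data_ciphers: Sequence[str],
                  client_offered: Sequence[str],
                  server_fallback: Optional[str] = None,
                  client_fixed_cipher: Optional[str] = None) -> Optional[str]:
    """Return the data-channel cipher, or None when no tunnel can be set up."""
    if client_offered:
        # Negotiating client: the first entry in the server's preference
        # list that the client also offers is selected.
        for cipher in server_data_ciphers:
            if cipher in client_offered:
                return cipher
        return None
    # Client that cannot negotiate: it only works if the server has the
    # deprecated fallback set and it matches the client's fixed cipher.
    if server_fallback is not None and server_fallback == client_fixed_cipher:
        return server_fallback
    return None


def is_weak(cipher: Optional[str]) -> bool:
    """True when the selected cipher is in the deprecated set."""
    return cipher in WEAK_CIPHERS


def run_scenarios() -> Dict[str, Optional[str]]:
    # Constructed sample configuration, not taken from the thread.
    server = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]
    return {
        # Modern client: server order decides, not client order.
        "modern": select_cipher(server, ["CHACHA20-POLY1305", "AES-128-GCM"]),
        # Old client, deprecated field left empty: connection refused.
        "legacy_no_fallback": select_cipher(
            server, [], server_fallback=None, client_fixed_cipher="BF-CBC"),
        # Old client, deprecated field set: connects with a weak cipher.
        "legacy_with_fallback": select_cipher(
            server, [], server_fallback="BF-CBC", client_fixed_cipher="BF-CBC"),
    }


if __name__ == "__main__":
    for name, cipher in run_scenarios().items():
        print(f"{name}: {cipher} (weak={is_weak(cipher)})")
```

Leaving the deprecated field empty does not affect clients that can negotiate; it only decides whether the non-negotiating client in the last two scenarios is refused or admitted with the weak cipher.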