matomo

Explanation: Use recommended encryption suite

OpenVPN 2.5.0 brings a new encryption called ChaCha20-Poly1305 which is our new recommended default cipher.

ChaCha20-Poly1305 is a stream cipher (compared to AES which is a block cipher) and thus offers better performance for devices that does not have AES hardware acceleration (known as AES-NI). The reason for this is that ChaCha20's use ARX (Addition-Rotation-XOR) which are more CPU friendly instructions than the binary fields AES uses for Sbox and Mixcolumns computations.
This also makes ChaCha20-Poly1305 a bit more secure than AES-based encryptions since the use of lookup tables makes it vulnerable to side loaded cache-timing attacks without the use of AES-NI on the hardware.