diff --git a/openvpn-server-tun.tblk/config.ovpn.osxfortress b/openvpn-server-tun.tblk/config.ovpn.osxfortress
index 1ba8b18..960ad35 100644
--- a/openvpn-server-tun.tblk/config.ovpn.osxfortress
+++ b/openvpn-server-tun.tblk/config.ovpn.osxfortress
@@ -61,12 +61,18 @@ push "dhcp-option DOMAIN server.domainname.com"
 push "dhcp-option PROXY_AUTO_CONFIG_URL http://proxy.domainname.private/proxy.pac"
 ;push "dhcp-option PROXY_HTTP 10.8.0.1 3128"
 push "dhcp-option PROXY_BYPASS domainname.com"
+push "cipher AES-256-CBC"
+; cipher BF-CBC is susceptible to SWEET32 attacks
 
 client-to-client
 
 keepalive 10 120
 
-;cipher BF-CBC
+;cipher BF-CBC  ; susceptible to SWEET32 attacks
+cipher AES-256-CBC
+tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
+tls-version-min 1.2
+auth SHA512
 
 comp-lzo