New comment by jkoderu-git on void-packages repository

https://github.com/void-linux/void-packages/issues/23413#issuecomment-657210078

Comment:
I found the problem, hopefully no need to switch to openssl.

Openvpn with Libressl 3.1.3 negotiate TLS1.3 but after Protonvpn servers force their TLS1.2 ciphers with option `ncp-ciphers`. The problem is use of TLS1.2 ciphers in a TLS1.3 connection.

On the libressl 3.1.1 changelog:
```
Improved cipher suite handling to automatically include TLSv1.3 cipher
     suites when they are not explicitly referred to in the cipher string.
```

To reproduce download the .ovpn from protonvpn and add `tls-version-max 1.2`. I don't know with protonvpn-cli, I modified template.ovpn and connenct.ovpn but it resets to its options. Though I recommend protonvpn-cli for dns leak protecion.