So I have an OpenBSD server serving a static website using httpd(8). I've been thinking for a while I should add an SSL certificate, but never got around to it because it was just a small hobby website and it didn't require any real attention. Today while watching one of the OpenBSD tutorials at BSDCan, I thought it was finally time. Since configuring everything else in OpenBSD is so easy, this must be easy too, right?
EDIT: (August 22, 2020) Theo Buehler has kindly reached out to me and informed me that this issue has just been fixed in a syspatch, and that OpenVPN now works correctly. Hi. Regarding https://blog.lambda.cx/posts/openvpn-issues-openbsd/, the issue you describe in this post should be fixed in 6.7-stable. It boils down to this: ProtonVPN appears to require clients to use P-521 for the TLSv1.3 key exchange. Released versions of OpenVPN do not permit customizing the curve to use for the key exchange (they added a –tls-groups option in their dev branch).