Some additions and WUI restructure ideas after some more testings.
'--cipher' is no longer needed if '--data-cipher-fallback' is in usage, there is also no need for '--data-ciphers' for the first if '--data- cipher-fallback' is active. The client can still uses the '--cipher alg' directive and the 2.5.0 server responds with '--data-ciphers- fallback alg' .
The idea: Remove the cipher section from the global area from the WUI, rename simply '--cipher' to '--data-ciphers-fallback' in server.conf and keep the index, include the 'DCIPHER' (also 'DAUTH' and 'TLSAUTH') variable(s) to the advanced encryption section with the related indexes to keep the old configuration but set also new defaults for new configurations.
If '--data-ciphers' is active, all old clients have the chance with e.g. an old CBC cipher to migrate also to newer clients step-by-step so we can get rid of the old broken algorithms like CAST, DES and BF since they won´t appear in the new advanced encryption section...
As an idea !?
Best,
Erik