diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 62d7d074..8684a2c3 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -217,32 +217,30 @@ char * str;
 		case HEADER_DTLS_CIPHERSUITE:
 			str = (char*)req->value.data;
 			while ((token = strtok(str, ":")) != NULL) {
-#if GNUTLS_VERSION_NUMBER >= 0x030201
-				if (strcmp(token, "X-ESTREAM-SALSA20-UMAC96") == 0) {
-				        req->selected_ciphersuite = "X-ESTREAM-SALSA20-UMAC96";
-				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS0.9:+COMP-NULL:+ESTREAM-SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
+#if GNUTLS_VERSION_NUMBER >= 0x030207
+				if (strcmp(token, "OC-DTLS1_2-ESALSA20-SHA") == 0) {
+				        req->selected_ciphersuite = "OC-DTLS1_2-ESALSA20-SHA";
+				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+ESTREAM-SALSA20-256:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
 				        req->gnutls_cipher = GNUTLS_CIPHER_ESTREAM_SALSA20_256;
-				        req->gnutls_mac = GNUTLS_MAC_UMAC_96;
-				        req->gnutls_version = GNUTLS_DTLS0_9;
+				        req->gnutls_mac = GNUTLS_MAC_SHA1;
+				        req->gnutls_version = GNUTLS_DTLS1_2;
 				        break;
-				} else if (strcmp(token, "X-SALSA20-UMAC96") == 0) {
-				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS0.9:+COMP-NULL:+SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
-				        req->selected_ciphersuite = "X-SALSA20-UMAC96";
+				} else if (strcmp(token, "OC-DTLS1_2-SALSA20-SHA") == 0) {
+				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+SALSA20-256:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
+				        req->selected_ciphersuite = "OC-DTLS1_2-SALSA20-SHA";
 				        req->gnutls_cipher = GNUTLS_CIPHER_SALSA20_256;
-				        req->gnutls_mac = GNUTLS_MAC_UMAC_96;
-				        req->gnutls_version = GNUTLS_DTLS0_9;
+				        req->gnutls_mac = GNUTLS_MAC_SHA1;
+				        req->gnutls_version = GNUTLS_DTLS1_2;
 				        break;
                                 } else
-#endif
-#if GNUTLS_VERSION_NUMBER >= 0x030207
-	                        if (strcmp(token, "OC-AES128-GCM") == 0) {
+	                        if (strcmp(token, "OC-DTLS1_2-AES128-GCM") == 0) {
 				        req->selected_ciphersuite = "OC-AES128-GCM";
 				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION:+SIGN-ALL";
 				        req->gnutls_cipher = GNUTLS_CIPHER_AES_128_GCM;
 				        req->gnutls_mac = GNUTLS_MAC_AEAD;
 				        req->gnutls_version = GNUTLS_DTLS1_2;
 				        break;
-	                        } else if (strcmp(token, "OC-AES256-GCM") == 0) {
+	                        } else if (strcmp(token, "OC-DTLS1_2-AES256-GCM") == 0) {
 				        req->selected_ciphersuite = "OC-AES256-GCM";
 				        req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION:+SIGN-ALL";
 				        req->gnutls_cipher = GNUTLS_CIPHER_AES_256_GCM;