Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles
Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a specific encryption algorithm, so it ends up using the current default in OpenSSL 1.1.1 which is RC2. OpenSSL 3.0 is dropping support for RC2, and given its weakness we should be exporting using something stronger anyhow.
The package should set AES-256 by passing
-certpbe AES-256-CBC -keypbe AES-256-CBC when creating the PKCS#12 file, perhaps with an option to omit them so it uses the old algorithms for legacy clients.