This commit fixes two separate issues which are closely linked.

First, a 2.5 client cannot connect to a server which does not support NCP
and is not using one of the default --data-ciphers (AES-*-GCM).

This is because the 2.5 client does not use its configured --data-ciphers
cipher in the "fall back to OCC based cipher negotiation" case. Fix this.

Second, do not allow the 2.5 client to use --data-ciphers-fallback in the
above situation because that is not it's intended use (only to be used if
there is no pushed cipher [NCP] and no OCC provided cipher).

To reproduce the error use a client with only --data-ciphers set against
a server without NCP.

OPTIONS ERROR: failed to negotiate cipher with server.
Add the server's cipher ('AES-256-CBC') to --data-ciphers
(currently 'AES-256-CBC') if you want to connect to this server.

Reported by: Richard Bonhomme <tincanteksup@gmail.com>

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20200814080619.2108-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20734.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2ab0a92442dce1d82fcb9e2b305313ef668d40bf)