First step would be to update to a current release, v18 or later (v19 is coming in the next month or so, which will effectively EOL support for v17).
It doesn't surprise me that a four-year-old release doesn't support newer OpenSSL/OpenVPN features in more ways than one. (Not to mention that "security" and a release long out of support are incongruous.)
In fact, with the recent Linux CVEs, anything older than yesterday should be considered insecure and remotely exploitable (which includes from "infected" hosts within your own network).