Issue 1: I'm trying to configure Sophos XG SSL VPN for remote clients (iOS in particular).
The client connects successfully, but I see the following when I inspect the connection:
SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
That worries me because the config I have for the connection specifies AES-256-CBC, SHA2 256, 2048-bit.
3DES-EDE is known to be weak.
Issue 2: With the SSL VPN configured for UDP instead of TCP, the client times out trying to connect.
INFORMATION:
- The client can connect and access all resources as intended (LAN + WAN; there are firewall rules to allow that).
- The only issues so far are the weak handshake and UDP not connecting.
Version:
- Sophos XG: SFOS 16.01.2
- iOS OpenVPN client: latest, 1.0.7 build 199 (iOS 64-bit)
Please see the SSL client log and config screenshot below.
Any info is appreciated.
2016-12-29 10:43:27 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-12-29 10:43:27 Frame=512/2048/512 mssfix-ctrl=1250
2016-12-29 10:43:27 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
14 [route-delay] [4]
15 [verb] [3]
2016-12-29 10:43:27 EVENT: RESOLVE
2016-12-29 10:43:27 Contacting xxx.xxx.xxx.xxx:8443 via TCP
2016-12-29 10:43:27 EVENT: WAIT
2016-12-29 10:43:27 SetTunnelSocket returned 1
2016-12-29 10:43:27 Connecting to [xxx.xxx.xxx.xxx]:8443 (xxx.xxx.xxx.xxx) via TCPv4
2016-12-29 10:43:28 NET WiFi:NotReachable/WR t------
2016-12-29 10:43:28 NET Internet:ReachableViaWWAN/WR t------
2016-12-29 10:43:28 EVENT: CONNECTING
2016-12-29 10:43:28 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2016-12-29 10:43:28 Creds: Username/Password
2016-12-29 10:43:28 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
2016-12-29 10:43:29 VERIFY OK: depth=1
cert. version : 3
serial number : 00:00:00:00:00:00:00:00
issuer name : C=US, ST=NA, L=NA, O=home, OU=OU, CN=Sophos_CA_SOPHOSSERIAL, emailAddress=example@company.com
subject name : C=US, ST=NA, L=NA, O=home, OU=OU, CN=Sophos_CA_SOPHOSSERIAL, emailAddress=example@company.com
issued on : 2016-07-25 00:45:05
expires on : 2036-12-31 00:45:05
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
2016-12-29 10:43:29 VERIFY OK: depth=0
cert. version : 3
serial number : 11:11:11:11:11
issuer name : C=US, ST=NA, L=NA, O=home, OU=OU, CN=Sophos_CA_SOPHOSSERIAL, emailAddress=example@company.com
subject name : C=US, ST=NA, L=NA, O=home, OU=OU, CN=SophosApplianceCertificate_SOPHOSSERIAL, emailAddress=example@company.com
issued on : 2015-08-01 00:00:00
expires on : 2036-12-31 23:59:59
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
2016-12-29 10:43:30 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-12-29 10:43:30 Session is ACTIVE
2016-12-29 10:43:30 EVENT: GET_CONFIG
2016-12-29 10:43:30 Sending PUSH_REQUEST to server...
2016-12-29 10:43:31 OPTIONS:
0 [route-gateway] [10.10.11.1]
1 [ping] [45]
2 [ping-restart] [180]
3 [redirect-gateway] [def1]
4 [topology] [subnet]
5 [route] [remote_host] [255.255.255.255] [net_gateway]
6 [dhcp-option] [DNS] [10.10.10.1]
7 [ifconfig] [10.10.11.2] [255.255.255.0]
2016-12-29 10:43:31 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: ANY
peer ID: -1
2016-12-29 10:43:31 EVENT: ASSIGN_IP
2016-12-29 10:43:31 Error parsing IPv4 route: [route] [remote_host] [255.255.255.255] [net_gateway] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': remote_host/255.255.255.255 : ip_exception: error parsing route IP address 'remote_host' : Invalid argument
2016-12-29 10:43:31 Connected via tun
2016-12-29 10:43:31 EVENT: CONNECTED example@xxx.xxx.xxx.xxx:8443 (xxx.xxx.xxx.xxx) via /TCPv4 on tun/10.10.11.2/
2016-12-29 10:43:31 LZO-ASYM init swap=0 asym=1
2016-12-29 10:43:31 Comp-stub init swap=0
2016-12-29 10:43:31 SetStatus Connected
2016-12-29 10:51:08 TUN reset routes
2016-12-29 10:51:08 EVENT: DISCONNECTED
2016-12-29 10:51:08 Raw stats on disconnect:
BYTES_IN : 134137
BYTES_OUT : 47513
PACKETS_IN : 168
PACKETS_OUT : 221
TUN_BYTES_IN : 33619
TUN_BYTES_OUT : 122868
TUN_PACKETS_IN : 167
TUN_PACKETS_OUT : 185
2016-12-29 10:51:08 Performance stats on disconnect:
CPU usage (microseconds): 264665
Tunnel compression ratio (uplink): 1.41328
Tunnel compression ratio (downlink): 1.09172
Network bytes per CPU second: 686339
Tunnel bytes per CPU second: 591264
2016-12-29 10:51:08 ----- OpenVPN Stop -----
2016-12-29 10:57:07 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-12-29 10:57:07 Frame=512/2048/512 mssfix-ctrl=1250
2016-12-29 10:57:07 UNUSED OPTIONS
3 [explicit-exit-notify]
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
15 [route-delay] [4]
16 [verb] [3]
2016-12-29 10:57:07 EVENT: RESOLVE
2016-12-29 10:57:07 Contacting xxx.xxx.xxx.xxx:8443 via UDP
2016-12-29 10:57:07 EVENT: WAIT
2016-12-29 10:57:07 SetTunnelSocket returned 1
2016-12-29 10:57:07 Connecting to [xxx.xxx.xxx.xxx]:8443 (xxx.xxx.xxx.xxx) via UDPv4
2016-12-29 10:57:08 NET WiFi:NotReachable/WR t------
2016-12-29 10:57:08 NET Internet:ReachableViaWWAN/WR t------
2016-12-29 10:57:17 Server poll timeout, trying next remote entry...
2016-12-29 10:57:17 EVENT: RECONNECTING
2016-12-29 10:57:17 EVENT: RESOLVE
2016-12-29 10:57:17 Contacting 10.10.10.1:8443 via UDP
2016-12-29 10:57:17 EVENT: WAIT
2016-12-29 10:57:17 SetTunnelSocket returned 1
2016-12-29 10:57:17 Connecting to [10.10.10.1]:8443 (10.10.10.1) via UDPv4
2016-12-29 10:57:27 Server poll timeout, trying next remote entry...
2016-12-29 10:57:27 EVENT: RECONNECTING
2016-12-29 10:57:27 EVENT: RESOLVE
2016-12-29 10:57:27 Contacting 10.10.16.1:8443 via UDP
2016-12-29 10:57:27 EVENT: WAIT
2016-12-29 10:57:27 SetTunnelSocket returned 1
2016-12-29 10:57:27 Connecting to [10.10.16.1]:8443 (10.10.16.1) via UDPv4
2016-12-29 10:57:37 Server poll timeout, trying next remote entry...
2016-12-29 10:57:37 EVENT: RECONNECTING
2016-12-29 10:57:37 EVENT: RESOLVE
2016-12-29 10:57:37 Contacting xxx.xxx.xxx.xxx:8443 via UDP
2016-12-29 10:57:37 EVENT: WAIT
2016-12-29 10:57:37 SetTunnelSocket returned 1
2016-12-29 10:57:37 Connecting to [xxx.xxx.xxx.xxx]:8443 (xxx.xxx.xxx.xxx) via UDPv4
2016-12-29 10:57:47 Server poll timeout, trying next remote entry...
2016-12-29 10:57:47 EVENT: RECONNECTING
2016-12-29 10:57:47 EVENT: RESOLVE
2016-12-29 10:57:47 Contacting 10.10.10.1:8443 via UDP
2016-12-29 10:57:47 EVENT: WAIT
2016-12-29 10:57:47 SetTunnelSocket returned 1
2016-12-29 10:57:47 Connecting to [10.10.10.1]:8443 (10.10.10.1) via UDPv4
2016-12-29 10:57:57 Server poll timeout, trying next remote entry...
2016-12-29 10:57:57 EVENT: RECONNECTING
2016-12-29 10:57:57 EVENT: RESOLVE
2016-12-29 10:57:57 Contacting 10.10.16.1:8443 via UDP
2016-12-29 10:57:57 EVENT: WAIT
2016-12-29 10:57:57 SetTunnelSocket returned 1
2016-12-29 10:57:57 Connecting to [10.10.16.1]:8443 (10.10.16.1) via UDPv4
2016-12-29 10:58:07 EVENT: CONNECTION_TIMEOUT [ERR]
2016-12-29 10:58:07 EVENT: DISCONNECTED
2016-12-29 10:58:07 Raw stats on disconnect:
BYTES_OUT : 420
PACKETS_OUT : 30
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2016-12-29 10:58:07 Performance stats on disconnect:
CPU usage (microseconds): 41051
Network bytes per CPU second: 10231
Tunnel bytes per CPU second: 0
2016-12-29 10:58:07 EVENT: DISCONNECT_PENDING
2016-12-29 10:58:07 ----- OpenVPN Stop -----
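The log above actually contains two separate negotiations, and reading them apart is the first step in triaging this kind of report. The `SSL Handshake:` line is the TLS control channel the appliance chose (TLSv1.0 with a 3DES suite), while `Tunnel Options` and `PROTOCOL OPTIONS` show the data channel running exactly what was configured (AES-256-CBC, SHA256). The weak suite therefore has to be fixed on the server side, since the client will accept whatever the server offers. For the UDP session, every `Contacting ... via UDP` attempt ends in `Server poll timeout` and the disconnect stats record bytes out but nothing in, which points at the appliance not answering on UDP 8443 (or a filter in between) rather than at the client profile. The following script is an added example, not code from the original post or from Sophos/OpenVPN; it parses OpenVPN Connect (core 3) log lines into that control-channel / data-channel / attempt summary and flags a weak handshake. The sample log is an excerpt of the lines quoted above, and the weak-suite token list and the `Attempt`/`Report` names are the example's own choices.

```python
"""Added example, not code from the original post or from Sophos/OpenVPN:
parse OpenVPN Connect (core 3) client log lines, separate the control-channel
TLS handshake from the data-channel cipher, flag a weak handshake, and
summarize which transport attempts timed out."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: excerpts of the two sessions quoted in the post above
# (one TCP session that connected, one UDP session that timed out).
SAMPLE_LOG = """\
2016-12-29 10:43:27 Contacting xxx.xxx.xxx.xxx:8443 via TCP
2016-12-29 10:43:28 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2016-12-29 10:43:30 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-12-29 10:43:31 EVENT: CONNECTED example@xxx.xxx.xxx.xxx:8443 (xxx.xxx.xxx.xxx) via /TCPv4 on tun/10.10.11.2/
2016-12-29 10:51:08 EVENT: DISCONNECTED
2016-12-29 10:57:07 Contacting xxx.xxx.xxx.xxx:8443 via UDP
2016-12-29 10:57:17 Server poll timeout, trying next remote entry...
2016-12-29 10:57:17 Contacting 10.10.10.1:8443 via UDP
2016-12-29 10:57:27 Server poll timeout, trying next remote entry...
2016-12-29 10:58:07 EVENT: CONNECTION_TIMEOUT [ERR]
"""

# Example's own list of tokens that mark a TLS suite as weak.
WEAK_SUITE_TOKENS = ("3DES", "-DES-", "RC4", "MD5", "NULL", "EXPORT")
WEAK_TLS_VERSIONS = ("SSLv3", "TLSv1.0", "TLSv1.1")


@dataclass
class Attempt:
    remote: str
    transport: str            # "TCP" or "UDP"
    outcome: str = "pending"  # "connected", "timeout" or "pending"


@dataclass
class Report:
    tls_version: Optional[str] = None   # control channel ("SSL Handshake" line)
    tls_suite: Optional[str] = None
    data_cipher: Optional[str] = None   # data channel ("Tunnel Options" line)
    data_auth: Optional[str] = None
    attempts: List[Attempt] = field(default_factory=list)
    hard_timeouts: int = 0              # EVENT: CONNECTION_TIMEOUT [ERR]


RE_CONTACT = re.compile(r"Contacting (\S+) via (TCP|UDP)")
RE_HANDSHAKE = re.compile(r"SSL Handshake: (\S+)/(\S+)")
RE_TUNNEL = re.compile(r"Tunnel Options:.*?cipher ([A-Z0-9-]+),auth ([A-Z0-9-]+)")


def parse_log(text: str) -> Report:
    """Walk the log once; each 'Contacting' line opens a new attempt and the
    following CONNECTED or 'Server poll timeout' line closes it."""
    rep = Report()
    for line in text.splitlines():
        m = RE_CONTACT.search(line)
        if m:
            rep.attempts.append(Attempt(remote=m.group(1), transport=m.group(2)))
            continue
        m = RE_HANDSHAKE.search(line)
        if m:
            rep.tls_version, rep.tls_suite = m.group(1), m.group(2)
            continue
        m = RE_TUNNEL.search(line)
        if m:
            rep.data_cipher, rep.data_auth = m.group(1), m.group(2)
            continue
        if "EVENT: CONNECTED" in line and rep.attempts:
            rep.attempts[-1].outcome = "connected"
        elif "Server poll timeout" in line and rep.attempts:
            rep.attempts[-1].outcome = "timeout"
        elif "EVENT: CONNECTION_TIMEOUT" in line:
            rep.hard_timeouts += 1
    return rep


def is_weak_handshake(version: Optional[str], suite: Optional[str]) -> bool:
    """True if the control channel negotiated an old protocol or a weak suite."""
    if version is None or suite is None:
        return False
    if version in WEAK_TLS_VERSIONS:
        return True
    return any(tok in suite.upper() for tok in WEAK_SUITE_TOKENS)


def handshake_findings(rep: Report) -> List[str]:
    """Findings as strings; the handshake suite and the configured data-channel
    cipher are two separate negotiations and are reported separately."""
    out: List[str] = []
    if is_weak_handshake(rep.tls_version, rep.tls_suite):
        out.append(f"WEAK control channel: {rep.tls_version} with {rep.tls_suite}")
    if rep.data_cipher:
        out.append(f"data channel as configured: cipher {rep.data_cipher}, auth {rep.data_auth}")
    if rep.tls_suite and not rep.tls_suite.startswith(("TLS-ECDHE", "TLS-DHE")):
        out.append("no forward secrecy in control channel suite")
    return out


def timeouts_by_transport(rep: Report) -> Dict[str, int]:
    """Count timed-out attempts per transport; timeouts only on UDP with the
    same remote and port that works on TCP point at the server not answering
    UDP (or a filter in between) rather than at the client profile."""
    counts: Dict[str, int] = {}
    for a in rep.attempts:
        if a.outcome == "timeout":
            counts[a.transport] = counts.get(a.transport, 0) + 1
    return counts


if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    for finding in handshake_findings(report):
        print(finding)
    print("timeouts by transport:", timeouts_by_transport(report))
```

As a quick server-side check from the client, the OpenVPN directives `tls-version-min 1.2` and `tls-cipher` (with a modern suite list) can be added to a client profile: they do not fix the appliance, but if the appliance cannot offer anything better the handshake will fail instead of silently negotiating TLSv1.0/3DES, which confirms where the problem lives.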