diff --git a/cmd/gluetun/main.go b/cmd/gluetun/main.go
index 042f6f8b..6f89519c 100644
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -277,6 +277,10 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 logger.Info(allSettings.String())
+ for _, warning := range allSettings.Warnings() {
+ logger.Warn(warning)
+ }
+
 if err := os.MkdirAll("/tmp/gluetun", 0644); err != nil {
 return err
 }
diff --git a/internal/configuration/settings/settings.go b/internal/configuration/settings/settings.go
index 6c3e6da0..8fbca02d 100644
--- a/internal/configuration/settings/settings.go
+++ b/internal/configuration/settings/settings.go
@@ -3,6 +3,10 @@ package settings
 import (
 "fmt"
+ "github.com/qdm12/gluetun/internal/configuration/settings/helpers"
+ "github.com/qdm12/gluetun/internal/constants/openvpn"
+ "github.com/qdm12/gluetun/internal/constants/providers"
+ "github.com/qdm12/gluetun/internal/constants/vpn"
 "github.com/qdm12/gluetun/internal/models"
 "github.com/qdm12/gluetun/internal/pprof"
 "github.com/qdm12/gotree"
@@ -157,3 +161,27 @@ func (s Settings) toLinesNode() (node *gotree.Node) {
 return node
 }
+
+func (s Settings) Warnings() (warnings []string) {
+ if helpers.IsOneOf(*s.VPN.Provider.Name, providers.SlickVPN) &&
+ s.VPN.Type == vpn.OpenVPN {
+ if s.VPN.OpenVPN.Version == openvpn.Openvpn24 {
+ warnings = append(warnings, "OpenVPN 2.4 uses OpenSSL 1.1.1 "+
+ "which allows the usage of weak security in today's standards. "+
+ "This can be ok if good security is enforced by the VPN provider. "+
+ "However, "+*s.VPN.Provider.Name+" uses weak security so you should use "+
+ "OpenVPN 2.5 to enforce good security practices.")
+ } else {
+ warnings = append(warnings, "OpenVPN 2.5 uses OpenSSL 3 "+
+ "which prohibits the usage of weak security in today's standards. "+
+ *s.VPN.Provider.Name+" uses weak security which is out "+
+ "of Gluetun's control so the only workaround is to allow such weaknesses "+
+ `using the OpenVPN option tls-cipher "DEFAULT:@SECLEVEL=0". `+
+ "You might want to reach to your provider so they upgrade their certificates. "+
+ "Once this is done, you will have to let the Gluetun maintainers know "+
+ "by creating an issue, attaching the new certificate and we will update Gluetun.")
+ }
+ }
+
+ return warnings
+}
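Review bot: The two messages in `Warnings` work against each other: the 2.4 branch sends the user to OpenVPN 2.5 "to enforce good security practices", while the 2.5 branch says the only way to connect is `tls-cipher "DEFAULT:@SECLEVEL=0"`, which switches off OpenSSL's minimum-strength checks for the TLS control channel. The 2.5 text should state that consequence and say whether Gluetun applies the option itself or the user has to set it, which this hunk does not show. The bare `else` also reports "OpenVPN 2.5 uses OpenSSL 3" for every version other than 2.4; comparing explicitly against the 2.5 constant would keep the message accurate if another version is added. `*s.VPN.Provider.Name` is dereferenced without a nil check, presumably safe because defaults are set before this call, but worth confirming. The exported method has no doc comment; I would add `// Warnings returns human-readable warnings about weak security implied by the current settings.`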