use aes-ctr which is slightly/arguably better than a poke in the eye and don't restrict the crypto algorithm by server role.

include/crypto.php

@@ -79,16 +79,16 @@ function STD_decrypt($data,$key,$iv) {
 	return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function AES256GCM_encrypt($data,$key,$iv) {
+function AES256CTR_encrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
-	$iv = substr($iv,0,12);
-	return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
+	$iv = substr($iv,0,16);
+	return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function AES256GCM_decrypt($data,$key,$iv) {
+function AES256CTR_decrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
-	$iv = substr($iv,0,12);
-	return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
+	$iv = substr($iv,0,16);
+	return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
 
@@ -155,9 +155,6 @@ function other_encapsulate($data,$pubkey,$alg) {
 
 function crypto_methods() {
 
-	if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
-		return [ 'aes256cbc' ];
-
 	// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. 
 	// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. 
 	// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
@@ -165,7 +162,7 @@ function crypto_methods() {
 	// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
 	// possibly by truncation or segmentation - though many other methods could be used.  
 
-	$r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
+	$r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
 	call_hooks('crypto_methods',$r);
 	return $r;