[OpenVPN-NL] OpenVPN-NL v2.3.1-nl1 released

Steffan Karger steffan.karger at fox-it.com
Wed May 15 15:19:50 CEST 2013


A new version of OpenVPN-NL is available on the OpenVPN-NL site [1].
This version is based on OpenVPN 2.3.1, which integrates PolarSSL 1.2
support [2].

The new version of PolarSSL contains a number of security fixes, in
particular fixes against the 'Lucky Thirteen' SSL attack. For a full
list of changes, please refer to the OpenVPN site [3].

The new version of OpenVPN fixes a security issue where an attacker
with a man-in-the-middle position could inject arbitrary ciphertext
into the data channel [4].

Due to the number of improvements, we strongly recommend that you
upgrade to the new version of OpenVPN-NL.

*nix packages renamed
---------------------

The package and executable names for the Red Hat, Suse, Debian and
Ubuntu packages have been changed to openvpn-nl, to allow it to be
deployed alongside a regular openvpn installation.

Furthermore, OpenVPN-NL now looks for config files in /etc/openvpn-nl/.

To update your package version, install the new openvpn-nl package
and migrate your configuration.


PolarSSL 1.2
-------------

Most relevant for OpenVPN is the addition of Galois Counter Mode (GCM)
for AES-based TLS ciphers. The preferred TLS mode has been updated to
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. Furthermore, the PolarSSL API has
changed in several places, requiring changes to OpenVPN code.


New deployment advisory
-----------------------

The deployment advisory has been updated to v1.3. This version
deprecates version 1.2 and advises the usage of OpenVPN-NL 2.3.


Minor changes
-------------

 - The command line parameter --use-urandom allows for /dev/urandom
   to be used as a random source instead of /dev/random on *nix platforms.

 - X.509 certificate subject and issuer strings containing \0 characters
   are now rejected.


References
----------

[1] https://openvpn.fox-it.com/

[2] https://polarssl.org/tech-updates/releases

[3] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

[4] https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc