[OpenVPN-NL] OpenVPN-NL 2.3.8-nl1 released

Steffan Karger steffan.karger at fox-it.com
Fri Aug 21 15:42:22 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new version of OpenVPN-NL (2.3.8-nl1) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.8 [2], and PolarSSL
1.2.15 [3].

This new version of OpenVPN-NL includes fixes for a number of minor
security issues in PolarSSL [4][5].  If the recommended tls-auth
mechanism is used in an OpenVPN-NL configuration, an attacker can only
use these to attack such an OpenVPN-NL instance if (s)he is in
possession of the tls-auth key.

Users are advised to upgrade both OpenVPN-NL clients and servers to
2.3.8-nl1.

Important: with this release, the code signing keys have changed, to
move to SHA256 instead of SHA1 signature digests.  The old keys are
_not_ compromised.

We now use keys with the following fingerprints to sign OpenVPN-NL
releases:

Linux: 6A11 9596 8DDC A349 4E7C 598C 43CF 15D3 54E0 3E30
Windows: 0456 cab6 4107 209a 470d 4439 09c5 cee5 576f 9000

Debian/Ubuntu users should import the new keys by:
wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc
gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint)
sudo apt-key add fox-crypto-gpg.asc

Red Hat / SuSE users should import new keys by:
wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc
gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint)
sudo rpm --import fox-crypto-gpg.asc

Windows users should verify the key fingerprint through
properties->digital signatures before starting the installer.

References
- ----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-released
[4] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.14-released
[5] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.13-released
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJV1yq+AAoJEEEwndWOY1w5FTUH/2YaJi4RsdUve3536/G1qraQ
Q/Fu0J1YLkvnJp/pP8kwiLNj2XCNFiu+F6CqfCyOoUXyIIn3CtSfHhS6TiYctuj0
TtlWXPMeA051AaCPq4YNaen6xLB/j9vRpFPge3rmgWoJ3LcpqRvLhSSfnr9PhYnZ
t2tXAb/QlUQ7wdjOV3aIKl1OWaxIYSz75lw1PHv4aaV+kygM8+a4NsxCKE8vb4O9
Cmy/HQhwZLF57P6BIfB5SCw8mhLygmfezaTj91kcl64drLD8c/6YN+KUiG4Ee8kO
laUtyXQilpCJdBedcAuXDNdMbZOIAOqopphx8ooVxSVSwB11Kn4nMuNM/IoIdx4=
=v2Mm
-----END PGP SIGNATURE-----

More information about the list-openvpn-nl mailing list