A new version of OpenVPN-NL (2.3.9-nl4) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.3.9 [2], and PolarSSL
1.2.19 [3].

This release of OpenVPN-NL removes the 'key-method 1' key exchange.
OpenVPN-NL has always used 'key-method 2' as its default, and this only
affects users that previously explicitly set 'key-method 1' in their
configuration.

Key-method 1 is removed, because a buffer overwrite security issue was
discovered [4]. Since key-method 1 is not needed and inferior to
key-method 2, OpenVPN-NL decided to remove the functionality to
eliminate the vulnerability and reduce attack surface.

Users are advised to refrain from using 'key-method 1'. Users that do
not use 'key-method 1' can upgrade to OpenVPN-NL 2.3.9-nl4 at any
convenient time.

As of this release, OpenVPN-NL is also available for Debian Stretch.

References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
[4] https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
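
An added example, not part of the original announcement or of OpenVPN-NL's own tooling: a pre-upgrade check that reports configuration files which explicitly set 'key-method 1', the setting this release removes. The sample config, the host name in it, and the choice to resolve relative `config` includes against the including file's directory are assumptions.

```python
import sys
from pathlib import Path

# Constructed sample config, not taken from a real deployment.
SAMPLE = """\
# site-to-site tunnel
remote vpn.example.net 1194
;key-method 2
  --key-method 1   # legacy setting
cipher AES-256-CBC
"""

def parse(text):
    """Yield (line_no, directive, args) for each active config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # '#' or ';' starts a comment
                break
            tokens.append(tok.strip("\"'"))
        if tokens:
            # Config files accept directives with or without a leading "--".
            name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
            yield no, name, tokens[1:]

def key_method_findings(text):
    """Return [(line_no, value)] for every explicit key-method directive."""
    return [(no, args[0] if args else "")
            for no, name, args in parse(text) if name == "key-method"]

def scan(path, seen=None):
    """Return [(file, line_no)] where 'key-method 1' is set, following 'config' includes."""
    seen = set() if seen is None else seen
    path = Path(path).resolve()
    if path in seen or not path.is_file():
        return []
    seen.add(path)
    text = path.read_text(errors="replace")
    hits = [(str(path), no) for no, v in key_method_findings(text) if v == "1"]
    for _, name, args in parse(text):
        if name == "config" and args:
            # Assumption: relative includes resolve against the including file.
            hits += scan(path.parent / args[0], seen)
    return hits

if __name__ == "__main__":
    for arg in sys.argv[1:]:
        for file, no in scan(arg):
            print(f"{file}:{no}: explicit 'key-method 1', not supported by 2.3.9-nl4")
```

A file with no hits either sets 'key-method 2' or relies on the default, which the announcement states has always been 'key-method 2'.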