-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A serious vulnerability in OpenSSL has been discovered [1]. OpenVPN-NL does not use OpenSSL and thus is not affected by this bug.
OpenVPN-NL users should consider: * OpenVPN-NL uses PolarSSL, not OpenSSL, and is not vulnerable [2]. * When using OpenVPN-NL together with OpenSSL-based OpenVPN, the OpenSSL-based peers are vulnerable, and their keys and connection could be compromised. * When using a TLS-auth ('group') key, attackers needs this key to mount an attack on OpenSSL-based peers (e.g. through an untrusted or compromised client).
[2] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi...