[OpenVPN-NL] OpenVPN-NL security advisory - heartbleed

8 Apr 2014


      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A serious vulnerability in OpenSSL has been discovered [1]. OpenVPN-NL
does not use OpenSSL and thus is not affected by this bug.
OpenVPN-NL users should consider:
 * OpenVPN-NL uses PolarSSL, not OpenSSL, and is not vulnerable [2].
 * When using OpenVPN-NL together with OpenSSL-based OpenVPN, the
OpenSSL-based peers are vulnerable, and their keys and connection could
be compromised.
 * When using a TLS-auth ('group') key, attackers needs this key to
mount an attack on OpenSSL-based peers (e.g. through an untrusted or
compromised client).
[1] http://heartbleed.com/
[2]
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi...
...PGP SIGNATURE...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBCAAGBQJTRA1VAAoJEEEwndWOY1w54cYH/1yk02o0qKCJQXY0j20Q83tO
m3DKdDDZl2jFfQkV5Z0w49qm+ZqifZiZyAWvpWeo3P5PicdMDgDxsle7dtva90VM
DAEEslDC7V3Fwbj0237wM6GUZ7ruJarxxhH8UFTfaSkZZmXVMBkDHBKwX5nC6OfM
GDNBXGEYqtf1eaCneGsp6m/TrL2opAhvVWbrOAj3ir7Y9usepLlH0Ce3DQewTmzz
zU8xk25oPZ5KfaVab7tLaXaJwFRBDQVKpFzVdgGnGu3LGlmncMKwdRNCwSrkxkZ2
7J+EKxcEu8jVGjXSvoP9qcKe5bz6e2P9PWQYr6T1fPWdj7hK7KTFyekpOmUrHMs=
=FDQd
-----END PGP SIGNATURE-----

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[OpenVPN-NL] OpenVPN-NL security advisory - heartbleed