A new version of OpenVPN-NL is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.1, which integrates PolarSSL 1.2 support [2].
The new version of PolarSSL contains a number of security fixes, in particular fixes for the 'Lucky Thirteen' SSL attack. For a full list of changes, please refer to the OpenVPN site [3].
The new version of OpenVPN fixes a security issue where an attacker with a man-in-the-middle position could inject arbitrary ciphertext into the data channel [4].
Due to the number of improvements, we strongly recommend that you upgrade to the new version of OpenVPN-NL.
*nix packages renamed
---------------------
The package and executable names for the Red Hat, Suse, Debian and Ubuntu packages have been changed to openvpn-nl, so that OpenVPN-NL can be deployed alongside a regular openvpn installation.
Furthermore, OpenVPN-NL now looks for config files in /etc/openvpn-nl/.
To update a packaged installation, install the new openvpn-nl package and migrate your configuration to the new location.
PolarSSL 1.2
------------
Most relevant for OpenVPN is the addition of Galois Counter Mode (GCM) for AES-based TLS ciphers. The preferred TLS mode has been updated to TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. Furthermore, the PolarSSL API has changed in several places, requiring changes to OpenVPN code.
New deployment advisory
-----------------------
The deployment advisory has been updated to v1.3. This version deprecates version 1.2 and advises the usage of OpenVPN-NL 2.3.
Minor changes
-------------
- The command line parameter --use-urandom allows /dev/urandom to be used as the random source instead of /dev/random on *nix platforms.
- X.509 certificate subject and issuer strings containing \0 characters are now rejected.
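The reason embedded \0 characters in a subject or issuer string are worth rejecting is that a NUL-terminated comparison sees only the part of the value before the first NUL. The following is an added example, not OpenVPN-NL or PolarSSL code: a length-aware check on a (pointer, length) string value as it comes out of a DER parser (the value used below is constructed), next to the two comparison styles.

```c
#include <stddef.h>
#include <string.h>

/* Length-aware check: the raw DER string value is a (pointer, length) pair,
 * so an embedded NUL is found by scanning the whole length, not up to the
 * first NUL. Returns 1 if the value is acceptable, 0 if it must be rejected. */
int name_component_is_clean(const unsigned char *val, size_t len)
{
    return memchr(val, '\0', len) == NULL;
}

/* Shows why the check matters: once such a value is copied into a C string,
 * strcmp() stops at the first NUL and compares only the prefix. */
int c_string_compare_equal(const unsigned char *val, size_t len,
                           const char *expected)
{
    char buf[256];
    if (len >= sizeof buf)
        return 0;
    memcpy(buf, val, len);
    buf[len] = '\0';
    return strcmp(buf, expected) == 0;
}

/* The comparison a validator should use: compare the full length, so a
 * value with trailing bytes after a NUL never matches the shorter name. */
int length_aware_compare_equal(const unsigned char *val, size_t len,
                               const char *expected)
{
    size_t elen = strlen(expected);
    return len == elen && memcmp(val, expected, len) == 0;
}
```

With the constructed value "host\0junk" (length 9), the C-string comparison reports equality with "host" while the length-aware comparison does not, and name_component_is_clean rejects the value outright.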
References
----------
[1] https://openvpn.fox-it.com/
[2] https://polarssl.org/tech-updates/releases
[3] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[4] https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc