-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

A new version of OpenVPN-NL (2.3.2-nl2) is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.2, and PolarSSL 1.2.10 [2].

This new version of OpenVPN-NL includes a new PolarSSL release, which fixes a possible timing attack on the server [3,4]. A successful attack could compromise the server's RSA private key. In OpenVPN-NL, this denial-of-service attack can only be exploited when the group key ("tls-auth") has been compromised.

We strongly recommend that you upgrade to this new version of OpenVPN-NL.

Although we believe that this attack is not feasible over the internet, users should consider whether their situation warrants replacement of their server's private/public key pair.

References - ----------

[1] https://openvpn.fox-it.com/ [2] https://polarssl.org/tech-updates/releases [3] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi... [4] https://polarssl.org/public/ctrsa13.pdf