-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

A new version of OpenVPN-NL (2.3.2-nl1) is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.2, and PolarSSL 1.2.8 [2].

The new version of OpenVPN-NL includes a new PolarSSL release, which fixes a denial-of-service possibility during TLS negotiation [3]. A successful attack could compromise the availability, but would *not* compromise confidentiality. In OpenVPN-NL, this denial-of-service attack can only be exploited when the group key ("tls-auth") has been compromised.

We strongly recommend that you upgrade to the new version of OpenVPN-NL.

References - - - - - ----------

[1] https://openvpn.fox-it.com/

[2] https://polarssl.org/tech-updates/releases

[3] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi...