-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Summary:

OpenVPN-NL is not vulnerable to the SLOTH attack [0].

Background:

On January 6th 2016, INRIA published information on a TLS vulnerability called 'SLOTH' [0]. The vulnerability allows an attacker to impersonate a client with client certificate if the following conditions are met: * the attacker has a Man-in-the-Middle position between a client and server, * the client is willing to authenticate itself with its certificate to the MitM attacker, * both parties support TLS 1.2, and, * both parties allow MD5 ciphersuites to be used.

OpenVPN-NL does not allow MD5 cipher suites, and therefore is not vulnerable to the SLOTH attack.

[0] http://www.mitls.org/pages/attacks/SLOTH