-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

A new version of OpenVPN-NL (2.3.9-nl4) is available on the OpenVPN-NL website [1]. This version is based on OpenVPN 2.3.9 [2], and PolarSSL 1.2.19 [3].
This release of OpenVPN-NL removes the 'key-method 1' key exchange. OpenVPN-NL has always used 'key-method 2' as its default, and this only affects users that previously explicitly set 'key-method 1' in their configuration.
Key-method 1 is removed because a buffer overwrite security issue was discovered [4]. Since key-method 1 is not needed and is inferior to key-method 2, OpenVPN-NL decided to remove the functionality to eliminate the vulnerability and reduce the attack surface.
Users are advised to refrain from using 'key-method 1'. Users that do not use 'key-method 1' can upgrade to OpenVPN-NL 2.3.9-nl4 at any convenient time.
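To check whether a deployment explicitly sets 'key-method 1' before upgrading, the following is an added example, not part of the original announcement or of OpenVPN-NL's own tooling. The helper name `find_key_method_1` is hypothetical, and it assumes the usual OpenVPN config syntax in which `#` and `;` start comments.

```shell
#!/bin/sh
# Added example: report active 'key-method 1' directives in OpenVPN config files.
# Usage: find_key_method_1 FILE...
# Prints "file:line: directive" per hit; returns 0 if any hit, 1 if none.
find_key_method_1() {
    awk '
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)          # drop leading whitespace
            if (line ~ /^[#;]/) next          # whole-line comment
            sub(/[ \t]+[#;].*$/, "", line)    # drop trailing comment
            n = split(line, f, /[ \t]+/)
            opt = f[1]; sub(/^--/, "", opt)   # optional leading "--"
            val = f[2]; gsub(/"/, "", val)    # allow a quoted argument
            if (n >= 2 && opt == "key-method" && val == "1") {
                printf "%s:%d: %s\n", FILENAME, FNR, line
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# When run as a script with file arguments, scan them.
if [ "$#" -gt 0 ]; then
    find_key_method_1 "$@" || echo "no active key-method 1 directive found"
fi
```

Options passed directly on the openvpn command line, for example in a service definition, are not covered by this scan and need a separate look.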
As of this release, OpenVPN-NL is also available for Debian Stretch.

References
- ----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
[4] https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

list-openvpn-nl@lists.fox-it.com