-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

A new version of OpenVPN-NL (2.3.8-nl1) is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.8 [2], and PolarSSL 1.2.15 [3].

This new version of OpenVPN-NL includes fixes for a number of minor security issues in PolarSSL [4][5]. If the recommended tls-auth mechanism is used in an OpenVPN-NL configuration, an attacker can only use these to attack such an OpenVPN-NL instance if (s)he is in possession of the tls-auth key.

Users are advised to upgrade both OpenVPN-NL clients and servers to 2.3.8-nl1.

Important: with this release, the code signing keys have changed, to move to SHA256 instead of SHA1 signature digests. The old keys are _not_ compromised.

We now use keys with the following fingerprints to sign OpenVPN-NL releases:

Linux: 6A11 9596 8DDC A349 4E7C 598C 43CF 15D3 54E0 3E30 Windows: 0456 cab6 4107 209a 470d 4439 09c5 cee5 576f 9000

Debian/Ubuntu users should import the new keys by: wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint) sudo apt-key add fox-crypto-gpg.asc

Red Hat / SuSE users should import new keys by: wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint) sudo rpm --import fox-crypto-gpg.asc

Windows users should verify the key fingerprint through properties->digital signatures before starting the installer.

References - ---------- [1] https://openvpn.fox-it.com/ [2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 [3] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-released [4] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.14-released [5] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.13-released