A new version of OpenVPN-NL (2.3.4-nl1) is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.4, and PolarSSL 1.2.11 [2].
The new version of OpenVPN-NL includes a new PolarSSL release, which fixes a denial-of-service vulnerability that can be triggered when GCM TLS cipher suites are used [3]. A successful attack could compromise availability, but would *not* compromise confidentiality. In OpenVPN-NL, this denial-of-service attack can only be exploited when the group key ("tls-auth") has been compromised.
We strongly recommend that you upgrade to the new version of OpenVPN-NL.
Important note for plugin/script users:
This release changes the representation of the tls_serial_{n} environment variable from hex to decimal, to match upstream OpenVPN behaviour.
To ease the transition for plugin/script users, a new environment variable tls_serial_hex_{n} has been added, which exports the serial in hex representation (as tls_serial_{n} previously did).
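A script that compares tls_serial_{n} against a list of hex serials stops matching after the upgrade unless it switches variables. The following is an added example (not part of OpenVPN-NL) of a shell helper that returns the same hex serial on both sides of the upgrade; the function names, the list file format and the tolerance for ':' separators are assumptions of this example.

```sh
#!/bin/sh
# Added example; not part of OpenVPN-NL. Assumes hex serials may be written
# with or without ':' separators and in either letter case.

# norm_hex VALUE: print VALUE as lowercase hex without separators/leading zeros.
norm_hex() {
    h=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    case "$h" in ''|*[!0-9a-f]*) return 1 ;; esac
    h=$(printf '%s' "$h" | sed 's/^0*//')
    printf '%s\n' "${h:-0}"
}

# cert_serial_hex DEPTH: print the hex serial for chain depth DEPTH.
# 2.3.4-nl1:        tls_serial_hex_{n} is set, tls_serial_{n} is decimal.
# Earlier releases: only tls_serial_{n} is set, and it holds hex.
# The value alone cannot tell the two apart ("1234" is valid in both), so the
# presence of tls_serial_hex_{n} decides which variable is read.
cert_serial_hex() {
    depth=$1
    case "$depth" in ''|*[!0-9]*) return 1 ;; esac   # digits only before eval
    eval "new=\${tls_serial_hex_${depth}-}"
    eval "old=\${tls_serial_${depth}-}"
    if [ -n "$new" ]; then
        norm_hex "$new"
    elif [ -n "$old" ]; then
        norm_hex "$old"
    else
        return 1
    fi
}

# serial_listed SERIAL FILE: succeed if SERIAL appears in FILE (one hex serial
# per line, '#' starts a comment line). Compared as strings, so serials larger
# than the shell's integer range are handled.
serial_listed() {
    want=$(norm_hex "$1") || return 2
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        have=$(norm_hex "$line") || continue
        [ "$have" = "$want" ] && return 0
    done < "$2"
    return 1
}

# Constructed values: the same certificate as seen before and after the upgrade.
( tls_serial_0=1234; cert_serial_hex 0 )                          # old release
( tls_serial_0=4660; tls_serial_hex_0=12:34; cert_serial_hex 0 )  # new release
```

Scripts that need the decimal form on the new release can read tls_serial_{n} directly; the helper above is for lists and logs that were built from the old hex values.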
References
[1] https://openvpn.fox-it.com/
[2] https://polarssl.org/tech-updates/releases
[3] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi...
list-openvpn-nl@lists.fox-it.com