[OpenVPN-NL] OpenVPN-NL v2.3.1-nl1 released
steffan.karger at fox-it.com
Wed May 15 15:19:50 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
A new version of OpenVPN-NL is available on the OpenVPN-NL site.
This version is based on OpenVPN 2.3.1, which integrates PolarSSL 1.2.
The new version of PolarSSL contains a number of security fixes, in
particular fixes against the 'Lucky Thirteen' SSL attack. For a full
list of changes, please refer to the OpenVPN site.
The new version of OpenVPN fixes a security issue where an attacker
with a man-in-the-middle position could inject arbitrary ciphertext
into the data channel.
Due to the number of improvements, we strongly recommend that you
upgrade to the new version of OpenVPN-NL.

*nix packages renamed
---------------------
The package and executable names for the Red Hat, Suse, Debian and
Ubuntu packages have been changed to openvpn-nl, to allow it to be
deployed alongside a regular openvpn installation.
Furthermore, OpenVPN-NL now looks for config files in /etc/openvpn-nl/.
To update your package version, install the new openvpn-nl package
and migrate your configuration.

-------------
Most relevant for OpenVPN is the addition of Galois Counter Mode (GCM)
for AES-based TLS ciphers. The preferred TLS mode has been updated to
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. Furthermore, the PolarSSL API has
changed in several places, requiring changes to OpenVPN code.

New deployment advisory
-----------------------
The deployment advisory has been updated to v1.3. This version
deprecates version 1.2 and advises the usage of OpenVPN-NL 2.3.

-------------
- The command line parameter --use-urandom allows for /dev/urandom
to be used as a random source instead of /dev/random on *nix platforms.
- x509 certificate subject and issuer strings containing \0 characters
are now rejected.

----------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----