[OpenVPN-NL] OpenVPN-NL security advisory - heartbleed

Steffan Karger steffan.karger at fox-it.com
Tue Apr 8 16:53:15 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A serious vulnerability in OpenSSL has been discovered [1]. OpenVPN-NL
does not use OpenSSL and thus is not affected by this bug.

OpenVPN-NL users should consider:
 * OpenVPN-NL uses PolarSSL, not OpenSSL, and is not vulnerable [2].
 * When using OpenVPN-NL together with OpenSSL-based OpenVPN, the
OpenSSL-based peers are vulnerable, and their keys and connection could
be compromised.
 * When using a TLS-auth ('group') key, attackers need this key to
mount an attack on OpenSSL-based peers (e.g. through an untrusted or
compromised client).

[1] http://heartbleed.com/

[2] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-01
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----
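
An added example, not part of the original advisory or of OpenVPN-NL: one way to triage the peers of a mixed deployment along the three points above. The peer inventory, its field names and the library strings are constructed, and the affected range used (upstream OpenSSL releases 1.0.1 through 1.0.1f) is an assumption taken from upstream, not stated in the advisory.

```python
import re

# Assumption (not from the advisory): upstream OpenSSL releases 1.0.1 through
# 1.0.1f contain the vulnerable heartbeat code; 1.0.1g is fixed. Betas are not
# considered. Distribution packages may carry a backported fix under an
# unchanged version string, so a match here is a triage signal, not proof.
_OPENSSL = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)", re.I)

def openssl_in_heartbleed_range(library: str) -> bool:
    """True if the library string names an upstream release in 1.0.1..1.0.1f."""
    m = _OPENSSL.search(library)
    if not m:
        return False
    version = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()  # "" for plain 1.0.1, which sorts before "a"
    return version == (1, 0, 1) and letter <= "f"

def classify_peer(peer: dict) -> str:
    """Map one peer to the case of the advisory that applies to it."""
    library = peer["library"]
    if library.lower().startswith("polarssl"):
        return "not-affected"            # OpenVPN-NL / PolarSSL build
    if not openssl_in_heartbleed_range(library):
        return "outside-affected-range"
    if peer.get("tls_auth"):
        return "vulnerable-needs-tls-auth-key"   # attacker must hold the group key
    return "vulnerable"

def triage(peers: list) -> dict:
    return {p["name"]: classify_peer(p) for p in peers}

# Constructed inventory (hypothetical names and field layout).
PEERS = [
    {"name": "gw-a", "library": "PolarSSL 1.2.10", "tls_auth": True},
    {"name": "gw-b", "library": "OpenSSL 1.0.1f 6 Jan 2014", "tls_auth": True},
    {"name": "client-c", "library": "OpenSSL 1.0.1e 11 Feb 2013", "tls_auth": False},
    {"name": "client-d", "library": "OpenSSL 1.0.1g 7 Apr 2014", "tls_auth": False},
    {"name": "client-e", "library": "OpenSSL 0.9.8y 5 Feb 2013", "tls_auth": False},
]

if __name__ == "__main__":
    for name, verdict in triage(PEERS).items():
        print(f"{name:10s} {verdict}")
```

Peers reported as vulnerable are the ones whose keys should be treated as possibly compromised once the library has been updated.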


