Hi *,

I'd like to suggest disabling comp-lzo in our sample config for OpenVPN.
(https://github.com/BetterCrypto/Applied-Crypto-Hardening/blob/master/src/configuration/VPNs/OpenVPN/server.conf)

Here is the reason:
https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/

And:
https://www.mail-archive.com/[email protected]/msg16919.html

Any objections?

Best,
a.

--
// L. Aaron Kaplan <[email protected]> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg
_______________________________________________
Ach mailing list
[email protected]
https://lists.cert.at/cgi-bin/mailman/listinfo/ach
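
One way to audit a config for the setting this message is about, as an added example that is not part of the original message or the BetterCrypto repository: it reports `comp-lzo` and `compress` lines, including ones pushed to clients, that turn data-channel compression on. The sample config and the function name are constructed for illustration.

```python
import re

# Constructed sample for illustration; not the BetterCrypto server.conf.
SAMPLE_CONF = """\
port 1194
proto udp
cipher AES-256-GCM
comp-lzo            # legacy directive, argument defaults to adaptive
push "compress lz4" ; handed to every connecting client
# compress lzo      (commented out, must be ignored)
compress stub-v2
"""

# Arguments that leave the compression framing on but do not compress.
NON_COMPRESSING = {
    "comp-lzo": {"no"},
    "compress": {"", "stub", "stub-v2", "migrate"},
}


def compression_findings(conf_text):
    """Return (line_no, directive, argument, pushed) for every directive
    that enables data-channel compression."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = re.sub(r"[#;].*", "", raw).strip()  # drop comments
        pushed = False
        m = re.match(r'push\s+"([^"]*)"', line)
        if m:  # directive the server pushes to clients
            line, pushed = m.group(1).strip(), True
        parts = line.split()
        if not parts or parts[0] not in NON_COMPRESSING:
            continue
        arg = parts[1] if len(parts) > 1 else ""
        if arg not in NON_COMPRESSING[parts[0]]:
            findings.append((line_no, parts[0], arg, pushed))
    return findings


if __name__ == "__main__":
    for line_no, directive, arg, pushed in compression_findings(SAMPLE_CONF):
        origin = "pushed to clients" if pushed else "local"
        print(f"line {line_no}: {directive} {arg or '(default)'} [{origin}]")
```

Pushed directives are reported separately because a server can enable compression on clients even when its own config carries no local `comp-lzo` line.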
