-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> Hi > >> 2.3.2 -> 2.3.4 has no significant security impact (if I remember correctly), it's just the provided *windows* binaries have, because they bundle OpenSSL and that one was vulnerable. So from a security PoV, it's ok to stick to >> 2.3.2, as any version change could bring in new bugs... > > Thanks Gert. > > > Hi Samuli > > As you are the community manager and the person who compiles and creates binaries for Windows and Debian platforms, could you confirm that, from a security point of view, there is no difference in using Linux versions 2.3.2 and 2.3.4? Thanks for your help. > I can't confirm that 2.3.2 and 2.3.4 are equal from a security point of view, because as Gert said, any version change could bring in new [security] bugs :). However, what I can confirm is that OpenVPN Linux binaries are almost always linked to OpenSSL packages provided by the Linux distribution; this is also the case for my OpenVPN Debian/Ubuntu packages, Just use an up-to-date OpenSSL version from your distro's repositories and you should be fine. - -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlPXukIACgkQwp2X7RmNIqMrDQCgguBEM8i9gASkan83BKB1dcb+ RjYAn2Rzb6dRkmLG0ZftY78F5WpA6Pz3 =fSVE -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
