Hi Gert, > Serious misunderstanding here: you do NOT need to update OpenVPN "per se" to > be secure from Heartbleed. To the contrary, if you just update OpenVPN to > 2.3.4, and leave OpenSSL at a vulnerable version, OpenVPN will > *still* be vulnerable. > > 2.3.3 and 2.3.4 releases contain useful stuff and bugfixes to other bugs, but > they are NOT needed to fix heartbleed, as that bug is not in OpenVPN (and > there is nothing in OpenVPN that we could do to work around it if > the system library is broken).
Thanks for the clarification. I wish the above information had been available on openvpn.net website. Regards. Lisa ----------------------------------------------------- Mail.be, WebMail and Virtual Office http://www.mail.be ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
