Hi,

On Fri, Aug 01, 2014 at 02:29:27PM +0200, Lisa Minogue wrote:
> > Serious misunderstanding here: you do NOT need to update OpenVPN "per se"
> > to be secure from Heartbleed. To the contrary, if you just update OpenVPN
> > to 2.3.4, and leave OpenSSL at a vulnerable version, OpenVPN will
> > *still* be vulnerable.
> >
> > 2.3.3 and 2.3.4 releases contain useful stuff and bugfixes to other bugs,
> > but they are NOT needed to fix heartbleed, as that bug is not in OpenVPN
> > (and there is nothing in OpenVPN that we could do to work around it if
> > the system library is broken).
>
> Thanks for the clarification.
>
> I wish the above information had been available on openvpn.net website.

I'm sure it was clearly stated as such when Samuli did the announcement
of the new windows build to fix the OpenSSL bug.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
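The point made in the thread, that exposure follows the OpenSSL library and not the OpenVPN release, can be checked from the version banner. This is an added example, not part of the original message or of OpenVPN; the function names, the sample banners and the assumed `library versions: OpenSSL <ver>` line format are illustrative assumptions.

```shell
#!/bin/sh
# Added example: classify the OpenSSL version reported alongside OpenVPN.
# Upstream OpenSSL releases affected by Heartbleed: 1.0.1 through 1.0.1f,
# plus 1.0.2-beta and 1.0.2-beta1. Distributions backport fixes without
# changing the version string, so "affected" means "confirm with the vendor".

# Extract the OpenSSL version token from `openvpn --version` style text on stdin.
# Assumes a "library versions: OpenSSL <ver> ..." line (format is an assumption).
openssl_ver_from_openvpn() {
    sed -n 's/^library versions:.*OpenSSL \([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Return 0 if the upstream version string is in the Heartbleed-affected range.
heartbleed_affected() {
    case "$1" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        1.0.2-beta|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for one banner; status 0 = affected, 1 = not, 2 = unknown.
# Live use: check_openvpn_output "$(openvpn --version)"
check_openvpn_output() {
    ver=$(printf '%s\n' "$1" | openssl_ver_from_openvpn)
    if [ -z "$ver" ]; then
        echo "unknown: no OpenSSL version found"; return 2
    fi
    if heartbleed_affected "$ver"; then
        echo "affected: OpenSSL $ver"; return 0
    fi
    echo "not-affected: OpenSSL $ver"; return 1
}

# Constructed sample banners (not captured from a real host).
SAMPLE_NEW_OPENVPN_OLD_SSL='OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06'
SAMPLE_OLD_OPENVPN_NEW_SSL='OpenVPN 2.3.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]
library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.06'
```

The first sample is the case described in the quoted text: OpenVPN 2.3.4 on top of an unfixed OpenSSL still reports as affected.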