Zitat von Florian Dille <[email protected]>:
Hi everyone, I would like to know, if the Shrew Soft VPN Client ist affected by the current openSSL Heartbleed Bug. And If yes, will there be a fix or is there anything else we can do about it? The release notes of Version 2.2.0 show, that in 2012 there was an update to openSSL 1.0.1c which is as far as I know vulnerable. "Update the contrib OpenSSL build to use the latest 1.0.1c version." The release notes of the following versions 2.2.1 and 2.2.2 did not mention any further openSSL update. Especially since the actual fixed Version OpenSSL 1.0.1g was released just this month. I would appreciate any Infomation regarding this issue. Kind regards Florian
I doubt it is affected. Heartbleed is about TLSv1.2 Heartbeet, Shrew Soft uses IPSEC/IKE so it uses the crypt engine, but not the vulnerable protocoll(-extension).
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
