Hi,
OpenVPN can use DSA certificates if you choose one of the following
--tls-cipher:
DHE-DSS-AES256-SHA
EDH-DSS-DES-CBC3-SHA
DHE-DSS-AES128-SHA
EDH-DSS-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
If someone uses one of the above cipher suites, then he should change OpenSSL
version to 0.9.8j.
By the way, do you plan to add my patch with ECDH support to OpenVPN?
Regards,
Andrzej Chmielowiec
I don't believe this issue significantly affects OpenVPN. OpenVPN does
not use the EVP_VerifyFinal function. The issue is that some internal
OpenSSL functions do not properly check the return value of this
function. The issue is primarily of concern if you are using DSA or
ECDSA certificates; however, these are not generally used with OpenVPN
(OpenVPN uses RSA certificates and does not currently support DSA or
ECDSA certificates).
James
Michael A. Gütlbauer wrote:
Hello!
I'm sure you know the "OpenSSL Security Advisory [07-Jan-2009]"
(http://www.openssl.org/news/secadv_20090107.txt)
Because there's absolutely no information on your website whether
OpenVPN is affected and/or a bug-fix will be available, I'd like to ask
you to do so.
Many thanks!
Michael
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel