>> SSL_check_chain() function".
>>
>> Which we don't, I just grepped through our source tree.
>>
>> So, unless I misunderstand something about OpenSSL intricacies, I think
>> we're safe - no new installers needed, and OpenVPN is not at risk.
>>
>>
> The advisory applies only to applications that use the SSL_check_chain()
> function as part of a TLS 1.3 handshake. AFAIK, in OpenVPN 2.4 we don't
> do anything with TLS 1.3 just yet, so this security advisory does not
> apply to OpenVPN. Also note that this bug appears only in OpenSSL 1.1.1
> [d-f], so anything older is fine as well.
Huh? OpenVPN 2.4 supports TLS 1.3 just fine. We have support for it in
tls-version-min and also tls-ciphersuites which is TLS 1.3 specific.

Arne


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
