>> 3. Do we need to re-generate all keys/certificates (ca, clients etc.) and
>> send them over to all clients after this fix?
>
> Same answer that has been given before - unless you use some sort of
> extra authentication (--tls-auth or one-time-password authentication), there
> is a chance that someone stole your keys -> re-generate keys+certs is the
> most secure approach to it.

And to further complicate the answer: even if you used tls-auth, you were still vulnerable to getting your keys stolen by anyone that had access to the tls-auth key.

// Fredrik

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users