[Openvpn-users] heartbleed and openvpn

[fausto milinazzo]

In using the heartbleed exploit to obtain the root certificate and 
personal keys from an openvpn server was it necessary to have use a 
valid certificate?  I would guess that to determine whether a particular 
server is vulnerable does not require a valid certificate so it may be 
possible to carry out such an attack without a valid certificate.

Our users are trusted and there are not many of them so I thought that 
we were safe, but this may not be the case.

I am also not certain why it is necessary to upgrade the windows client.
Any information is welcome.
<<attachment: fmilinaz.vcf>>------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users