Re: [Openvpn-devel] getaddrinfo() confusion / way forward?

2014-04-08 Thread Gert Doering
Hi, On Mon, Apr 07, 2014 at 10:49:20PM +0200, Arne Schwabe wrote: > On 07.04.14 22:17, Gert Doering wrote: > > On Sun, Apr 06, 2014 at 10:53:11AM +0200, Gert Doering wrote: > >> A slightly simpler version of this could go to the beginning of > >> create_socket() (--> no ai_next chain walking nee

Re: [Openvpn-devel] Openvpn-devel Digest, Vol 95, Issue 3

2014-04-08 Thread randy bercheni
I do not know why you sent me this. I do not know you. Please do not e-mail me again. On Tuesday, April 8, 2014 1:31 PM, "openvpn-devel-requ...@lists.sourceforge.net" wrote: Send Openvpn-devel mailing list submissions to     openvpn-devel@lists.sourceforge.net To subscribe or unsubscribe v

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Samuli Seppänen
>>> Hi, >>> >>> On 08.04.2014 15:42, Steffan Karger wrote: > Perhaps a dumb question, but if the server instance is linked > against an older version of openssl (9.8.x), but the client is > compiled and linked against the vulnerable version, is it still an > issue for both sides,

[Openvpn-devel] unsubscribe

2014-04-08 Thread Rick Brockman
-- - _RICK BROCKMAN_ _28 LANCASTER ST._ _CHERRY VALLEY, NY 13320_ _607 264-8470_

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Samuli Seppänen
>> Hi, >> >> On 08.04.2014 15:42, Steffan Karger wrote: Perhaps a dumb question, but if the server instance is linked against an older version of openssl (9.8.x), but the client is compiled and linked against the vulnerable version, is it still an issue for both sides, or is

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Gert Doering
Hi, On Tue, Apr 08, 2014 at 03:53:05PM +0200, Enno Gröper wrote: > Then OpenVPN should release new Windows Versions. Yeah, always glad to have people tell us what to do. Working on it... gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Samuli Seppänen
> Hi, > > On 08.04.2014 15:42, Steffan Karger wrote: >>> Perhaps a dumb question, but if the server instance is linked >>> against an older version of openssl (9.8.x), but the client is >>> compiled and linked against the vulnerable version, is it still an >>> issue for both sides, or is the cli

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Enno Gröper
Hi, On 08.04.2014 15:42, Steffan Karger wrote: Perhaps a dumb question, but if the server instance is linked against an older version of openssl (9.8.x), but the client is compiled and linked against the vulnerable version, is it still an issue for both sides, or is the client going to leak pr

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Mike Tancsa
On 4/8/2014 10:13 AM, Steffan Karger wrote: On 08/04/2014 16:04, Mike Tancsa wrote: How does one attack the client ? In my case, the client only connects to my servers ? I use a tls-auth key file as well. If I understand correctly, the scenario would be the attacker would have to have the tls-au

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Steffan Karger
On 08/04/2014 16:04, Mike Tancsa wrote: > How does one attack the client ? In my case, the client only connects > to my servers ? I use a tls-auth key file as well. If I understand > correctly, the scenario would be the attacker would have to have the > tls-auth key file, and then do a man in the m

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Mike Tancsa
On 4/8/2014 9:42 AM, Steffan Karger wrote: Perhaps a dumb question, but if the server instance is linked against an older version of openssl (9.8.x), but the client is compiled and linked against the vulnerable version, is it still an issue for both sides, or is the client going to leak private

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Steffan Karger
Hi, On 08/04/2014 13:55, Mike Tancsa wrote: > On 4/8/2014 7:47 AM, Adriaan de Jong wrote: > >> Using the tls-auth option should protect against this vulnerability > (assuming that your tls-auth key is not known to the attacker). > > > >> If you're not using tls-auth and are using a vulnerable ver

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Mike Tancsa
On 4/8/2014 7:47 AM, Adriaan de Jong wrote: Using the tls-auth option should protect against this vulnerability (assuming that your tls-auth key is not known to the attacker). If you're not using tls-auth and are using a vulnerable version of OpenSSL, you should definitely upgrade to OpenSSL

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Adriaan de Jong
-----Original Message----- From: Davide Brini [mailto:dave...@gmx.com] Sent: Tuesday 8 April 2014 13:26 To: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] Heartbleed > On Tue, 08 Apr 2014 11:08:59 +0200, Tore Anderson wrote: > > I'm guessing that everyone has seen http://heart

Re: [Openvpn-devel] Heartbleed

2014-04-08 Thread Davide Brini
On Tue, 08 Apr 2014 11:08:59 +0200, Tore Anderson wrote: > I'm guessing that everyone has seen http://heartbleed.com/ by now. > > My question is simple: Could anyone confirm whether or not OpenVPN is > vulnerable (when linked to a vulnerable version of OpenSSL)? This is James' reply on the dev

[Openvpn-devel] Heartbleed

2014-04-08 Thread Tore Anderson
I'm guessing that everyone has seen http://heartbleed.com/ by now. My question is simple: Could anyone confirm whether or not OpenVPN is vulnerable (when linked to a vulnerable version of OpenSSL)? Tore