Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released

2015-03-10 Thread Samuli Seppänen
Hi, Good idea. It's now on my list of things to do. Samuli > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi Samuli, > > Since the download link are pointing to swupdate.openvpn.org and this > server has a valid SSL certificate, would it be possible to publish > HTTPS links? Thanks in ad

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released - FREAK

2015-03-07 Thread Steffan Karger
On 06-03-15 17:42, debbie...@gmail.com wrote: >>> Server Config: >>> tls-cipher >>> TLS-DHE-RSA-WITH-AES-256-CBC-SHA:DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA >> >> Just use "tls-cipher DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA", >> TLS-DHE-RSA-WITH-AES-256-CBC-SHA is ready part of DEFAULT. > > Specifying the act

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released

2015-03-06 Thread Simon Deziel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Samuli, Since the download link are pointing to swupdate.openvpn.org and this server has a valid SSL certificate, would it be possible to publish HTTPS links? Thanks in advance. Best regards, Simon Deziel On 03/05/2015 08:01 AM, Samuli Seppänen

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released - FREAK

2015-03-06 Thread Steffan Karger
Hi, On Fri, Mar 6, 2015 at 12:32 PM, wrote: > Can somebody please explain this: > > Adding !EXP to the server side tls-cipher is enough to mitigate attacks. The > suggested tls-cipher string is DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA. This > disallows export ciphers, weak ciphers (e.g. DES), and RSA k

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released - FREAK

2015-03-06 Thread debbie10t
- Original Message - From: "Steffan Karger" To: "Debbie Tent" ; Sent: Friday, March 06, 2015 3:23 PM Subject: Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released - FREAK > Hi, > > On Fri, Mar 6, 2015 at 12:32 PM, wrote: >&g

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released

2015-03-06 Thread Pavel Bychikhin
Hello, I've checked my TCP server with SSL FREAK Check (https://tools.keycdn.com/freak) and it said my address is not vulnerable to the SSL FREAK attacks. Is it enough or I have to update OpenVPN anyway? Best regards, Pavel On 05.03.2015 15:01, Samuli Seppänen wrote: Hi all, New Windows ins

Re: [Openvpn-users] New OpenVPN 2.3.6 Windows installers released - FREAK

2015-03-06 Thread debbie10t
Hi Can somebody please explain this: Adding !EXP to the server side tls-cipher is enough to mitigate attacks. The suggested tls-cipher string is DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA. This disallows export ciphers, weak ciphers (e.g. DES), and RSA key exchange (note: not RSA authentication), but

[Openvpn-users] New OpenVPN 2.3.6 Windows installers released

2015-03-05 Thread Samuli Seppänen
Hi all, New Windows installers were released today, primarily to bundle OpenSSL 1.0.1l which fixes the FREAK vulnerability. All users of the official OpenVPN Windows installers are encouraged to upgrade their systems or to take other measures to mitigate the attacks. More details are available in