|
|
"Kevin P. Fleming" <kpfleming@xxxxxxxxxxxxxxxxxxxx> said: > Doug Lytle wrote: > > > James, > > > > When updating to the current OpenSSL release, does OpenVPN need to be > > re-compiled? The Windows version of OpenVPN is dynamically linked with OpenSSL which means that you can basically just drop-in new OpenSSL .DLLs to upgrade. OpenVPN needs libssl32.dll and libeay32.dll to be in the PATH when it is run. The OpenVPN self-installer usually puts these in \Program Files\OpenVPN\bin BTW, this vulnerability appears to be not more serious than DoS. I didn't see any mention of a remote code injection exploit. Also, SSL/TLS vulnerabilities in OpenSSL can be protected against to a large extent by using --tls-auth. And if you are using static key mode (--secret), you will not be affected because static key mode doesn't use SSL/TLS. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |