The OpenVPN community project team is proud to release OpenVPN 2.3.3. It
can be downloaded from here:


This release contains a number of bug fixes, small enhancements and
changes aimed at improving long-term compatibility with newer OpenVPN
versions. In addition, the Windows installer is bundled with an updated
OpenVPN-GUI and more importantly includes OpenSSL 1.0.0g that fixes the
very serious heartbleed vulnerability:


All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003
should upgrade their installations immediately.

A full list of changes is available here:


The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
- Wiki: <>
- Forums: <>
- User mailing list: <>
- User IRC channel: #openvpn at

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <>
- Developer mailing list: <>
- Developer IRC channel: #openvpn-devel at (requires
  Freenode registration)

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Alon Bar-Lev (1):
      pkcs11: use generic evp key instead of rsa

Arne Schwabe (8):
      Add support of utun devices under Mac OS X
      Add support to ignore specific options.
      Add a note what setenv opt does for OpenVPN < 2.3.3
      Add reporting of UI version to basic push-peer-info set.
      Fix compile error in ssl_openssl introduced by polar external-management 
      Fix assertion when SIGUSR1 is received while getaddrinfo is successful
      Add warning for using connection block variables after connection blocks
      Introduce safety check for http proxy options

David Sommerseth (5):
      man page: Update man page about the tls_digest_{n} environment variable
      Remove the --disable-eurephia configure option
      plugin: Extend the plug-in v3 API to identify the SSL implementation used
      autoconf: Fix typo
      Fix file checks when --chroot is being used

Davide Brini (1):
      Document authfile for socks server

Gert Doering (9):
      Fix IPv6 examples in t_client.rc-sample
      Fix slow memory drain on each client renegotiation. ignore fields from "ip -6 route show" output that distort 
      Make code and documentation for --remote-random-hostname consistent.
      Document issue with --chroot, /dev/urandom and PolarSSL.
      Rename 'struct route' to 'struct route_ipv4'
      Replace copied structure elements with including <net/route.h>
      Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions

Heikki Hannikainen (1):
      Always load intermediate certificates from a PKCS#12 file

Heiko Hund (2):
      Support non-ASCII TAP adapter names on Windows
      Support non-ASCII characters in Windows tmp path

James Yonan (3):

      TLS version negotiation
      Added "setenv opt" directive prefix.
      Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable 
TLS stateless session resumption.

Jens Wagner (1):
      Fix spurious ignoring of pushed config options (trac#349).

Joachim Schipper (3):
      Refactor tls_ctx_use_external_private_key()
      --management-external-key for PolarSSL
      external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids

Josh Cepek (2):
      Correct error text when no Windows TAP device is present
      Require a 1.2.x PolarSSL version

Klee Dienes (1):
      tls_ctx_load_ca: Improve certificate error messages

Max Muster (1):
      Remove duplicate cipher entries from TLS translation table.

Peter Sagerson (1):
      Fix configure interaction with static OpenSSL libraries

Steffan Karger (7):
      Do not pass struct tls_session* as void* in key_state_ssl_init().
      Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
      Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
      Also update TLSv1_method() calls in support code to SSLv23_method() calls.
      Update TLSv1 error messages to SSLv23 to reflect changes from commit 
      If --tls-cipher is supplied, make --show-tls parse the list.
      Add openssl-specific common cipher list names to ssl.c.

Tamas TEVESZ (1):
      Add support for client-cert-not-required for PolarSSL.

Thomas Veerman (1):
      Fix "." in description of utun.

Reply via email to