Hi, On 21-05-14 18:19, Lisa Minogue wrote: > According to Debian Security Advisory DSA-2931-1 > (http://www.debian.org/security/2014/dsa-2931) a bug in OpenSSL could result > in a denial of service. > > Is OpenVPN 2.3.4 software (community edition, Microsoft Windows, Mac OS, *nix > versions) affected by it?
Yes, if your OpenSSL is vulnerable, OpenVPN probably is too. I glanced over the code and the affected do_ssl3_write() seems to be in the normal TLS connection code path. -Steffan
