>> SSL_check_chain() function".
>> Which we don't, I just grepped through our source tree.
>> So, unless I misunderstand something about OpenSSL intricacies, I think
>> we're safe - no new installers needed, and OpenVPN is not in risk.
> the advisory applies only to application that use the SSL_check_chain()
> function as part of a TLS 1.3 handshake. AFAIK, iIn OpenVPN 2.4 we don't
> do anything with TLS 1.3 just yet, so this security advisory does not
> apply to OpenVPN. Also note that this bug appears only in OpenSSL 1.1.1
> [d-f] , so anything older is fine as well.
Hu? OpenVPN 2.4 supports TLS 1.3 just fine. We have support for it in
tls-version-min and also tls-ciphersuites which is TLS 1.3 specific.


Attachment: signature.asc
Description: OpenPGP digital signature

Openvpn-devel mailing list

Reply via email to