Hi,
OpenVPN can use DSA certificates if you choose one of the following
--tls-cipher:
DHE-DSS-AES256-SHA
EDH-DSS-DES-CBC3-SHA
DHE-DSS-AES128-SHA
EDH-DSS-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
If someone use one of the above sipher suite, then he should change OpenSSL
version to
I don't believe this issue significantly affects OpenVPN. OpenVPN does
not use the EVP_VerifyFinal function. The issue is that some internal
OpenSSL functions do not properly check the return value of this
function. The issue is primarily of concern if you are using DSA or
ECDSA