[vpn-devel] OpenSSL Heartbleed vulnerability & Shrew VPN client

Willy Yuen zero0w at gmail.com
Sat Apr 12 00:50:48 CDT 2014


Hello,


Recently, there has been widespread media coverage of the OpenSSL Heartbleed
vulnerability.
Bruce Schneier does an excellent job of summarizing the vulnerability and
its significance here:


https://www.schneier.com/blog/archives/2014/04/heartbleed.html



From the Heartbleed official homepage:  http://heartbleed.com/


Status of different versions
===================
* OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
* OpenSSL 1.0.1g is NOT vulnerable
* OpenSSL 1.0.0 branch is NOT vulnerable
* OpenSSL 0.9.8 branch is NOT vulnerable


With the release of Shrew 2.2.0+ I understand the OpenSSL package has been
upgraded to OpenSSL 1.0.1c.

When I run the VPN Trace program, it can be found in the log:

Logs from ShrewSoft VPN Trace - IKE Service (Level output = Informational)
14/03/26 15:23:18 ## : IKE Daemon, ver 2.2.2
14/03/26 15:23:18 ## : Copyright 2013 Shrew Soft Inc.
14/03/26 15:23:18 ## : This product linked [ OpenSSL 1.0.1c ] 10 May 2012
14/03/26 15:23:18 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'


Is there any security risk in using Shrew VPN client associated with this
version of OpenSSL, which is affected by the Heartbleed vulnerability?



*Regards,*
*- Willy*
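
A first-pass triage of the banner line in the log above against the version list quoted from heartbleed.com, as an added example that is not part of the original post and not Shrew Soft code. The function names are hypothetical and every sample line except the 1.0.1c banner is constructed; a match only says the linked library is in the listed range, not whether the heartbeat code path is reachable in the product.

```python
import re

# Matches e.g. "OpenSSL 1.0.1c", "OpenSSL 0.9.8y", "OpenSSL 1.0.1e-fips".
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[A-Za-z0-9]+)?")

def parse_openssl_version(text):
    """Return (major, minor, fix, letters, tag) from a banner line, or None."""
    m = BANNER_RE.search(text)
    if m is None:
        return None
    major, minor, fix, letters, tag = m.groups()
    return int(major), int(minor), int(fix), letters, tag or ""

def heartbleed_status(text):
    """Classify a banner as 'vulnerable', 'not vulnerable' or 'unknown'
    using the list in the post: 1.0.1 through 1.0.1f are vulnerable;
    1.0.1g, the 1.0.0 branch and the 0.9.8 branch are not."""
    v = parse_openssl_version(text)
    if v is None:
        return "unknown"
    major, minor, fix, letters, tag = v
    if (major, minor, fix) in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    if (major, minor, fix) != (1, 0, 1):
        return "unknown"          # branch not covered by the list
    if tag:
        return "unknown"          # vendor or pre-release build: verify by hand
    if letters == "" or (len(letters) == 1 and letters <= "f"):
        return "vulnerable"       # plain 1.0.1 and 1.0.1a..1.0.1f
    return "not vulnerable"       # 1.0.1g and later patch letters

def scan_log(lines):
    """Return [(line_number, status)] for each line carrying an OpenSSL banner."""
    return [(n, heartbleed_status(line))
            for n, line in enumerate(lines, 1) if "OpenSSL" in line]

# First three lines are from the post; the rest are constructed samples.
SAMPLE = [
    "14/03/26 15:23:18 ## : IKE Daemon, ver 2.2.2",
    "14/03/26 15:23:18 ## : Copyright 2013 Shrew Soft Inc.",
    "14/03/26 15:23:18 ## : This product linked [ OpenSSL 1.0.1c ] 10 May 2012",
    "## : This product linked [ OpenSSL 1.0.1g ]",
    "## : This product linked [ OpenSSL 0.9.8y ]",
    "## : This product linked [ OpenSSL 1.0.1e-fips ]",
]

if __name__ == "__main__":
    for n, status in scan_log(SAMPLE):
        print(f"line {n}: {status}")
```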