[vpn-help] openSSL Heartbleed Bug
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Fri Apr 11 03:56:34 CDT 2014
Zitat von Florian Dille <florian.dille at meinestadt.de>:
> Hi everyone,
>
> I would like to know, if the Shrew Soft VPN Client ist affected by the
> current openSSL Heartbleed Bug.
> And If yes, will there be a fix or is there anything else we can do about
> it?
>
> The release notes of Version 2.2.0 show, that in 2012 there was an update
> to openSSL 1.0.1c which is as far as I know vulnerable.
> "Update the contrib OpenSSL build to use the latest 1.0.1c version."
> The release notes of the following versions 2.2.1 and 2.2.2 did not mention
> any further openSSL update.
>
> Especially since the actual fixed Version OpenSSL 1.0.1g was released just
> this month.
>
> I would appreciate any Infomation regarding this issue.
>
> Kind regards
> Florian
I doubt it is affected. Heartbleed is about TLSv1.2 Heartbeet, Shrew
Soft uses IPSEC/IKE so it uses the crypt engine, but not the
vulnerable protocoll(-extension).
Regards
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5958 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20140411/8bfb0590/attachment.bin>
More information about the vpn-help
mailing list