Changes between Version 3 and Version 4 of CCSInjection
- Timestamp:
- 06/05/14 18:50:36 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CCSInjection
v3 v4 13 13 No, those are not leaked by this vulnerability. The keys an attacker could intercept are the temporary TLS and VPN data channel keys, which are freshly generated for each new connection. 14 14 15 == Do the six vulnerabilities affect OpenVPN? ==15 == Do the six other OpenSSL vulnerabilities affect OpenVPN? == 16 16 No. Current OpenVPN releases (that is, upto 2.3.4) do not use DTLS, SSL_MODE_RELEASE_BUFFERS or ECDH, and are thus not affected by bugs in those components.