Background
On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html
The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.
For a more in-depth discussion check: https://www.imperialviolet.org/2014/10/14/poodle.html
Is OpenVPN affected?
No. OpenVPN 2.x never supported SSLv3 or SSLv3 fallback. OpenVPN has always been strictly TLS 1.0 or TLS 1.0+.
Last modified 10 years ago
Last modified on 10/15/14 08:04:29
