Version 1 (modified by 9 years ago) (diff) | ,
---|
Background
On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html
The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.
Is OpenVPN affected?
No. OpenVPN only supports TLSv1.0 and newer, and is thus not vulnerable to Poodle.