Version 2 (modified by 10 years ago) (diff) | ,
---|
Background
On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html
The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.
Is OpenVPN affected?
No. OpenVPN 2.x never supported SSLv3 or SSLv3 fallback. OpenVPN has always been strictly TLS 1.0 or TLS 1.0+.