Version 4 (modified by 10 years ago) (diff) | ,
---|
Background
On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html
The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.
For a more in-depth discussion check: https://www.imperialviolet.org/2014/10/14/poodle.html
Is OpenVPN affected?
No. OpenVPN 2.x never supported SSLv3 or SSLv3 fallback. OpenVPN has always been strictly TLS 1.0 or TLS 1.0+.