wiki:SecurityAnnouncement-FREAK

Version 2 (modified by Steffan Karger, 9 years ago)

--

The OpenSSL versions bundled in official Windows installers prior to 2.3.6-I002/I602 of OpenVPN are vulnerable to FREAK. OpenVPN users on *NIX typically get an updated OpenSSL version through their package management system and do not need to update OpenVPN.

Fortunately, the vulnerability's impact on OpenVPN is fairly small:

  • OpenVPN's tls-auth feature prevents this attack
  • Adding !EXP to the server-side tls-cipher is enough to mitigate attacks. The suggested tls-cipher string is DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA. This disallows export ciphers, weak ciphers (e.g. DES), and RSA key exchange (note: not RSA authentication), but allows any future, stronger cipher suites.
  • Clients running versions prior to 2.3.6-I002/I603 who wish to rule out this attack can add !kRSA to their tls-cipher string
  • An attacker requires a man-in-the-middle position.
  • An attacker has to invest time and money per OpenVPN instance (restart) to attack a connection, which makes this relevant for targeted attacks only.
  • OpenVPN always provides perfect forward secrecy (PFS) with its own key exchange mechanism, making it impossible to decrypt sessions prior to a successful factorization of the temporary export key, even if those connections already used an RSA_EXPORT cipher.
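As an added example (not part of the original announcement or the OpenVPN project), the following Python audit reads an OpenVPN config and reports whether the mitigations listed above (tls-auth, !EXP, !kRSA in tls-cipher) are in place. The two embedded configs are constructed samples, and the treatment of a missing tls-cipher directive as "no exclusions in force" is an assumption made here.

```python
"""Audit OpenVPN server configs for the FREAK mitigations described above."""
from typing import Dict, List

# Constructed sample configs, not taken from any real deployment.
VULNERABLE_CONF = """\
port 1194
proto udp
dev tun
# no tls-auth, and a cipher list that still permits export suites
tls-cipher DEFAULT
"""

HARDENED_CONF = """\
port 1194
proto udp
dev tun
tls-auth ta.key 0
tls-cipher DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA
"""


def parse_directives(conf: str) -> Dict[str, List[str]]:
    """Map each directive name to its argument list; '#' and ';' start comments."""
    directives: Dict[str, List[str]] = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def audit_freak(conf: str) -> Dict[str, bool]:
    """Return which of the announcement's mitigations the config applies."""
    d = parse_directives(conf)
    # Assumption: without an explicit tls-cipher, no exclusions are in force.
    cipher_list = d["tls-cipher"][0] if d.get("tls-cipher") else "DEFAULT"
    elements = {e.strip().upper() for e in cipher_list.split(":")}
    has_tls_auth = "tls-auth" in d
    excludes_export = "!EXP" in elements          # blocks RSA_EXPORT suites
    excludes_rsa_kex = "!KRSA" in elements        # blocks plain RSA key exchange
    return {
        "tls_auth": has_tls_auth,
        "excludes_export": excludes_export,
        "excludes_rsa_kex": excludes_rsa_kex,
        # Per the announcement, either tls-auth or !EXP alone is sufficient.
        "freak_mitigated": has_tls_auth or excludes_export,
    }


if __name__ == "__main__":
    print("vulnerable sample:", audit_freak(VULNERABLE_CONF))
    print("hardened sample:  ", audit_freak(HARDENED_CONF))
```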