Introduction

This page lists all security announcements made by the OpenVPN project.

Announcements

• Security announcement: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt (Mar 2013)
• TLS Triple Handshake Vulnerability and OpenVPN (Mar 2013)
• OpenSSL 'Heartbleed' vulnerability and OpenVPN (Apr 2014)
• OpenSSL CCS Injection Vulnerability (CVE-2014-0224) and OpenVPN (Jun 2014)
• Security announcement: critical denial of service vulnerability (Nov 2014)
• Vulnerabilities fixed in OpenSSL 1.0.1i
• Vulnerabilities fixed in OpenSSL 1.0.1j
• Security announcement: The FREAK vulnerability
• Vulnerabilities fixed in OpenSSL 1.0.1m