= OpenSSL vulnerability - Heartbleed = A vulnerability in OpenSSL, nicknamed Heartbleed, was published in April 2014 [#ref1 1]. OpenVPN uses OpenSSL as its crypto library by default and thus is affected too. == What does this mean? == An attacker can trick OpenSSL into returning a part of your program memory. That memory contains your session keys (the keys used to encrypt your data), and usually your master secret key too. If your OpenVPN is or has been vulnerable to heartbleed you should consider your keys, and the traffic over the VPN tunnel, compromised. == Am I affected too? == Your OpenVPN is affected when your OpenVPN is linked against OpenSSL, versions 1.0.1 through 1.0.1f. == Has OpenVPN been successfully exploited? == This is very likely. On 16th April 2014 [http://thread.gmane.org/gmane.network.openvpn.user/34784 a mail] was sent to openvpn-user list by Fredrik Strömberg, who claimed the following: {{{ We have successfully extracted private key material multiple times from an OpenVPN server by exploiting the Heartbleed Bug. The material we found was sufficient for us to recreate the private key and impersonate the server. --- snip --- ... you should assume that other teams with more nefarious purposes have already created weaponized exploits for OpenVPN. Just to be clear, we don't intend to use this exploit ourselves. We merely developed it to examine the practical impact on OpenVPN as part of our incident investigation. }}} More details in the [http://thread.gmane.org/gmane.network.openvpn.user/34784 email thread]. The exploit has not yet been tested by anyone within the OpenVPN project, but we have to assume it is capable of doing what Fredrik claims. == How do I fix this? == 1. Update your OpenSSL library 2. Revoke your old private keys 3. Generate new private keys 4. Create certificates for the new private keys == Is this for clients or servers? == Both. Replace the keys for each peer that was active while linked against a vulnerable OpenSSL. == Are Android clients affected too? == Android shipped OpenSSL 1.0.1 as of 4.1, but disable heartbeats since 4.1.2. That means only Android 4.1(.0) and 4.1.1 are vulnerable. There are app available to check your own device like [https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector Heartbleed Detector]. OpenVPN for Android 0.6.17 and later use an embedded not vulnerable OpenSSL library. OpenVPN Connect uses PolarSSL and is not vulnerable either. This however still leaves all other apps/services on the device vulnerable. == What about Tunnelblick for MacOS X == Old versions for Tunnelblick are affected, but fixed versions [https://code.google.com/p/tunnelblick/wiki/News have been released]. == What about Windows clients? == All [http://openvpn.net/index.php/download/community-downloads.html official OpenVPN Windows client installers] are shipped with OpenSSL. However, only installer versions ''2.3-rc2-I001'' through ''2.3.2-I003'' ship a vulnerable version. Installer version ''2.3.2-I004'' fixes this vulnerability by bundling OpenSSL 1.0.1g. The fixed version can be downloaded from [http://openvpn.net/index.php/open-source/downloads.html here]. If you want to verify whether the version of OpenSSL in your OpenVPN installation is vulnerable, go to ''C:\Program Files\OpenVPN\bin'' using Windows Explorer, right-click on ''libeay32.dll'', click properties and check what ''Details -> Product Version'' says. == Is Access Server affected? == Short answer: yes. All Access Server users are advised to [https://openvpn.net/index.php/access-server/overview.html upgrade immediately] to Access Server 2.0.7. If you would like to patch the OpenSSL libraries for older versions of Access Server please [http://swupdate.openvpn.org/hb/ download the libs] for your distro and copy them into /usr/local/openvpn_as/lib. For more information have a look at the OpenVPN Technologies' [http://openvpn.net/index.php/access-server/heartbleed.html official announcement]. == Are OpenVPN Connect clients affected == It depends: * The iOS and Android versions use PolarSSL and are not vulnerable * Windows and MacOS X versions use OpenSSL and old client versions are vulnerable Access Server 2.0.7 includes OpenVPN Connect clients that have been fixed. If you have installed Access Server 2.0.6 and for whatever reason can't upgrade to 2.0.7 you should get updated clients from [http://swupdate.openvpn.org/hb/Clients here]. For more information have a look at the OpenVPN Technologies' [http://openvpn.net/index.php/access-server/heartbleed.html official announcement]. == Are PolarSSL builds affected too? == No. See [#ref2 2]. == Do TLS-auth keys protect my setup? == To some extent. You are strongly encouraged to use TLS-auth keys. In this scenario an attacker can not attack openvpn instances without the TLS-auth key. With a large user base, you should however consider the possibility of one (or more) of the OpenVPN instances being compromised. Such a compromised instance could attack other instances (including the server). ![1] [=#ref1] http://heartbleed.com/ ![2] [=#ref2] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-01