wiki:heartbleed

Version 7 (modified by Samuli Seppänen, 10 years ago) (diff)

--

OpenSSL vulnerability - Heartbleed

A vulnerability in OpenSSL, nicknamed heartbleed, was published in April 2014 1. OpenVPN uses OpenSSL as its crypto library by default and thus is affected too.

What does this mean?

An attacker can trick OpenSSL into returning a part of your program memory. That memory contains your session keys (the keys used to encrypt your data), and usually your master secret key too. If your OpenVPN is or has been vulnerable to heartbleed you should consider your keys, and the traffic over the VPN tunnel, compromised.

Am I affected too?

Your OpenVPN is affected when your OpenVPN is linked against OpenSSL, versions 1.0.1 through 1.0.1f.

How do I fix this?

  1. Update your OpenSSL library
  2. Revoke your old private keys
  3. Generate new private keys
  4. Create certificates for the new private keys

Is this for clients or servers?

Both. Replace the keys for each peer that was active while linked against a vulnerable OpenSSL.

Are Android client affected too?

Android shipped OpenSSL 1.0.1 as of 4.1, but disable heartbeats since 4.1.2. That means only Android 4.1(.0) and 4.1.1 are vulnerable.

What about Windows clients?

All OpenVPN Windows client installers are shipped with OpenSSL. However, only installer versions 2.3-rc2-I001 through 2.3.2-I003 ship a vulnerable version. Installer version 2.3.2-I004 fixes this vulnerability by bundling OpenSSL 1.0.1g. New binaries are available on http://openvpn.net/index.php/open-source/downloads.html .

Are PolarSSL builds affected too?

No. See 2.

Do TLS-auth keys protect my setup?

To some extent. You are strongly encouraged to use TLS-auth keys. In this scenario an attacker can not attack openvpn instances without the TLS-auth key. With a large user base, you should however consider the possibility of one (or more) of the openvpn instances being compromised. Such a compromised instance could attack other instances (including the server).

[1] http://heartbleed.com/

[2] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-01