Below is more information about other openvpn client software.Ĭustomers that are using the community OpenVPN GUI client from are advised to upgrade to the new 2.3.3 version that was released. Also we do recommend that customers use tls-auth. This can be done by selecting a different encryption level, which generates new certificates. Our StrongVPN Android App is not vulnerable to the Heartbleed bug.Ĭustomers may log into the customer portal and use the “change config” option for their openvpn accounts to generate new certificates for each of their openvpn accounts.
#DOWNLOAD VISCOSITY VPN CLIENT MAC UPDATE#
We have released an updated 1.0.3 version of the StrongVPN Mac client to correct this, so please update to the newer client. Our StrongVPN Mac Client was built with a vulnerable version of OpenSSL. Our StrongVPN Windows Client is not vulnerable to the Heartbleed bug. While the biggest risk with this vulnerability was to servers, there is a small risk for any client software that was built with a vulnerable version of OpenSSL. Also our OpenVPN servers run a separate openvpn processes for each openvpn account, which further minimizes the risk of sensitive data being exposed to this vulnerability. Our openvpn accounts also have tls-auth enabled by default, which can help prevent man-in-the-middle (MITM) attacks. We also patched all website servers during this update. This vulnerability in OpenSSL made it possible to retrieve sensitive information like usernames and passwords from vulnerable servers.īy Tuesday morning April 8th we had patched all of our openvpn servers with an updated version of OpenSSL that fixed this vulnerability. OpenSSL is widely used to implement Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to provide encryption to common services like web, email and vpn.
Late on Monday April 7th we learned about a new vulnerability in the TLS heartbeat function in certain versions of the open source OpenSSL library.
0 kommentar(er)
