Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: OpenVPN Fixed OpenSSL Session Renegotiation Issue - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenVPN Fixed OpenSSL Session Renegotiation Issue

OpenVPN released an update to respond to the OpenSSL vulnerability described in CVE-2009-3555. OpenVPN has identified a vulnerability caused by an error in OpenSSL which could be exploited by attackers to manipulate certain data and information.

OpenVPN recommend upgrading to version 2.1_rc21 which is available here.

Additional information regarding OpenVPN session renegotiation is available here.


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


523 Posts
ISC Handler
Nov 17th 2009

Sign Up for Free or Log In to start participating in the conversation!