Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: OpenVPN Fixed OpenSSL Session Renegotiation Issue SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenVPN Fixed OpenSSL Session Renegotiation Issue

OpenVPN released an update to respond to the OpenSSL vulnerability described in CVE-2009-3555. OpenVPN has identified a vulnerability caused by an error in OpenSSL which could be exploited by attackers to manipulate certain data and information.

OpenVPN recommend upgrading to version 2.1_rc21 which is available here.

Additional information regarding OpenVPN session renegotiation is available here.


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


511 Posts
ISC Handler
Nov 17th 2009

Sign Up for Free or Log In to start participating in the conversation!