aprovpn / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

request OpenSSL version bump from 1.0.1h -> 1.0.1j #291

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
On my OpenVPN server(s), I've switched to the git tree for, in particular, 
robust support of elliptic ciphers suites. My local openvpn installs are all

    openvpn --version
        OpenVPN 2.3_git [git:master/86fe01897b9ec3f3] x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Oct 27 2014
        library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
        ...

Note the use of openssl 1.0.1j, where there have been a significant number of 
cipher/(D)TLS/etc fixes since 1.0.1h.

@

    https://code.google.com/p/ics-openvpn

I see

    hg/main/openvpn/version.m4      -> 2.3-git

and

    hg/main/openssl/openssl.version -> 1.0.1h

Requesting a version bump of ics-openvpn-bundled OpenSSL from 1.0.1h to current 
1.0.1j

Original issue reported on code.google.com by pgnet.dev on 29 Oct 2014 at 1:55

GoogleCodeExporter commented 9 years ago
OpenVPN tracks the OpenSSL version of the Android Opensource project. 

Most of the issues do not affect OpenVPN (see 
https://community.openvpn.net/openvpn/wiki/Poodle). Integrating new OpenSSL 
version into Android is work I want to leave to the Google engineers. 

Also this version has all the important security fixes back ported (e.g. the 
most recent Poodle workaround).

Original comment by arne@rfc2549.org on 29 Oct 2014 at 2:12