VPN: Site to Site and Remote Access SSL-VPN and SSL/TLS Vulnerability

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 6 replies
Subscribers 1 subscriber
Views 3527 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL-VPN and SSL/TLS Vulnerability

T.Frank over 16 years ago

Hi,

does the new vulnerability from SSL/TLS have impacts for the SSL-VPN Connection with the ASG?

Source:
Vulnerability in SSL/TLS protocol - The H Security: News and Features

Best Regards,
Tobias Frank

This thread was automatically locked due to age.

Parents

0 bryanjacobs over 16 years ago

previous versions of openvpn was affected and hence the release of version 2.1_rc21. There are multiple items that need to be addressed openssl, openvpn, etc... (although I am not an expert in this field but I did stay in a holiday inn). See here http://isc.sans.org/diary.html?storyid=7603
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 16 years ago in reply to bryanjacobs

My read on it is that they updated OpenSSL, as they well should have regardless; but they also explicitly state they OpenVPN has never used the Renogitiation algorithm that is specific to the OpenSSL vulnerability. It does look like they've changed some of their own (OpenVPN) routines for more security, but the OpenSSL bug itself is not involved.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 16 years ago in reply to bryanjacobs

My read on it is that they updated OpenSSL, as they well should have regardless; but they also explicitly state they OpenVPN has never used the Renogitiation algorithm that is specific to the OpenSSL vulnerability. It does look like they've changed some of their own (OpenVPN) routines for more security, but the OpenSSL bug itself is not involved.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data