Is SoftEther vulnerable to Heartbleed related attacks?
Does it use OpenSSL ... as part of the OpenVPN stack for example?
It seems most Windows servers do not use OpenSSL, they use a Micrsoft SSL implementation with IIS. Likewise, Microsoft VPN stuff uses built-in SSL from Microsoft. But SoftEther VPN may be affected, and so my Windows servers with SoftEther may be vulnerable... maybe?
Thanks for any input!
Nick
Heartbleed?
-
inten
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
- Location: All around the world
- Contact:
Re: Heartbleed?
Yes, it uses OpenSSL library.
When you don't like the answer, change the question.
Cheers,
Team.
VPNHPanel.com
This account is not associated to SoftEther project.
Cheers,
Team.
VPNHPanel.com
This account is not associated to SoftEther project.
-
arprip
- Posts: 27
- Joined: Wed Feb 26, 2014 3:36 am
Re: Heartbleed?
Depend on what openssl version is using.
It happen on OpenSSL 1.0.1 - 1.0.1f , Only fixed in 1.0.1g
And there is no problem on OpenSSL 0.9.8X
Check this thread. http://www.vpnusers.com/viewtopic.php?f=15&t=2903
Although it is japaness. you can use google translate to translate it.
It happen on OpenSSL 1.0.1 - 1.0.1f , Only fixed in 1.0.1g
And there is no problem on OpenSSL 0.9.8X
Check this thread. http://www.vpnusers.com/viewtopic.php?f=15&t=2903
Although it is japaness. you can use google translate to translate it.
-
nfloersch
- Posts: 4
- Joined: Wed Apr 09, 2014 1:35 pm
Re: Heartbleed?
Does SoftEther use the OS installation of OpenSSL on Linux/Mac systems? Or does it always use its own bundled versions of the libraries?
I assume the libraries are bundled into the Windows executables.
Nick
I assume the libraries are bundled into the Windows executables.
Nick
-
nfloersch
- Posts: 4
- Joined: Wed Apr 09, 2014 1:35 pm
Re: Heartbleed?
arprip wrote:
> Depend on what openssl version is using.
> It happen on OpenSSL 1.0.1 - 1.0.1f , Only fixed in 1.0.1g
>
> And there is no problem on OpenSSL 0.9.8X
Good point!
> Depend on what openssl version is using.
> It happen on OpenSSL 1.0.1 - 1.0.1f , Only fixed in 1.0.1g
>
> And there is no problem on OpenSSL 0.9.8X
Good point!
-
nfloersch
- Posts: 4
- Joined: Wed Apr 09, 2014 1:35 pm
Re: Heartbleed?
arprip wrote:
> And there is no problem on OpenSSL 0.9.8X
>
> Check this thread. http://www.vpnusers.com/viewtopic.php?f=15&t=2903
It does appear from that thread, and forum search for "openssl" that SoftEther uses the older library version. We are safely behind the bleeding edge!
Thanks for the help!
Nick
> And there is no problem on OpenSSL 0.9.8X
>
> Check this thread. http://www.vpnusers.com/viewtopic.php?f=15&t=2903
It does appear from that thread, and forum search for "openssl" that SoftEther uses the older library version. We are safely behind the bleeding edge!
Thanks for the help!
Nick
-
gravyr
- Posts: 2
- Joined: Thu Apr 10, 2014 5:05 am
Re: Heartbleed?
If you visit the open source repositories at SoftEther's uploader site http://uploader.softether.co.jp/src/ you will see that SoftEther uses OpenSSL 0.9.81 and as such avoids the Heartbleed vunerability.