[strongSwan] CRL

Noel Kuntze noel at familie-kuntze.de
Tue Apr 15 12:41:52 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Maria,

StrongSwan is not susceptible to CVE-2014-0160 aka heartbleed.
It only uses openssl to provide support for more ciphers. It does not use it to manage the connections.
Also, heartbeat is not understood by StrongSwan. IKE is something completely different than what openssl itself speaks (SSL/(D)TLS).

The issue with certificate status is probably a problem with the vendor of the certificate that is used by the server your VPN chat client connects to.
Their OCSP or CRL server is probably down or your client is broken in that regard.

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 15.04.2014 12:33, schrieb maria isabel:
> Hello,
>   Just curious.. I recently read an article on how the heartbleed issue had exposed that over 0.5 million certificates are compromised. I even got a warning on my VPN chat client telling me that my certificate status was unknown. Is this possible? Can our RSA keys really be compromised?
> 
> Regards,
>   Maria
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTTQzvAAoJEDg5KY9j7GZYRCIP/2IYrMoEhoF4vAHpccUNau1w
toAMTiT8wlubZMom54sVo7xHfjow5SHAC6K5vJMljWHU6FwJpqToII0yMHahzOi/
Vohm7U0yjasUzDYDbzOQqmYBaeWiPAzd9g6PKq7gxkjthMJmhnxBBByi92m/RFLE
+eGgeq24ivVDI7bO5cGIHiLWnWzacPTwPy7nVdo2c14v76G1g1VqFHmuFXAFTxA0
Xq0IB0bF0O7Y/L1/oZacLposHzCkohFmXy4evDR5nCWjGK5OVe3SsdMbfu3l+NZk
9+S45rNsk08g9M2jRAgcQEBjuVec6x7NGzAO2jH9abaBEd5UImbnGvOhej0pR/Wd
04GxW929DFeR5/59YjKk/HAZ2+7Wz6Zis/5lj07NiMXuZ95jNgFrRIIw0Ez58PhS
rUpImIJt72vq55vnltoKxzwVE7c1RZBALIlcg3EDrhyZLXJi6Y0I752t/oOIO5RM
7tBUok/e2rWocWD+XkAsiJRcc63X1IB4H+TSFwbwm4XCpG+cgl0XS9ZWNs9IcmL3
MLJlOTlU9dJ1UmYADjDQaORP66uCGw3B4NlH/8xv4BIdYRXXRrzcnKUO7yKY7ld0
mWH1E2tGN2RdTjxJaaMr6G773/zSnfre8zbCk4LNHnFcbMT9mQoWMD82IMbLPDne
oUf9tNaVRu3+ZpGpcUMv
=9aHT
-----END PGP SIGNATURE-----


More information about the Users mailing list