Not signed in (Sign In)

Welcome, Guest

Want to take part in these discussions? Sign in if you have an account, or apply for one below

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthorlooper
    • CommentTimeApr 15th 2014
     
    I have relied on AlwaysVPN for years, but I couldn't swear as to which versions of OpenSSL have been used by the service since the Heartbleed vulnerability was discovered. The tool at https://filippo.io/Heartbleed/ says "All good, ssl.alwaysvpn.com seems fixed or unaffected!" but I don't know if that has always been the case or not. Can you fill us users in as to any periods of vulnerability that occurred?
    • CommentAuthoradmin
    • CommentTimeApr 15th 2014
     
    Hello looper,
    thanks for mentioning this.
    Very fortunately we were not affected by the Heartbleed vulnerability that was recently discovered.
    Both our web servers and all of our openvpn servers had been using the OpenSSL 0.9.8 branch when the bug was discovered.
    More information about the affected OpenSSL versions is available here http://heartbleed.com/
    Let me know if you have any more questions about this.
    • CommentAuthorlooper
    • CommentTimeApr 15th 2014
     
    Outstanding, and thanks for the quick reply! I thought I remembered seeing 0.9.8, but I wouldn't bet my logins on something that I "thought I remembered." You may want to put this info in big letters on the FAQ or website front page...