Libreswan and Heartbleed: Difference between revisions

From Libreswan
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
== Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit? ==
== Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit? ==
Libreswan is an implementation of the IPsec IKEv1 and IKEv2 keying protocols. Unlike some open source VPN products which are based on TLS/SSL protocols, IPsec implementations are not vulnerable to openssl vulnerability CVE-2014-0160, also known as Heartbleed.
 
Libreswan is '''NOT''' vulnerable to the openssl vulnerability CVE-2014-0160 known as Heartbleed.
 
Libreswan is an implementation of IPsec IKEv1 and IKEv2 keying protocols. These protocols do not use TLS to establish VPN connections. VPN services and products based on TLS are often called "SSL VPNs". Libreswan also does not use openssl for IKE/IPsec. Libreswan does use libcurl which itself uses openssl for establishing connections for OCSP and CRL URLs, but it does not provide a server for OCSP/CRL and is therefor not vulnerable there either.

Revision as of 20:40, 10 April 2014

Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit?

Libreswan is NOT vulnerable to the openssl vulnerability CVE-2014-0160 known as Heartbleed.

Libreswan is an implementation of IPsec IKEv1 and IKEv2 keying protocols. These protocols do not use TLS to establish VPN connections. VPN services and products based on TLS are often called "SSL VPNs". Libreswan also does not use openssl for IKE/IPsec. Libreswan does use libcurl which itself uses openssl for establishing connections for OCSP and CRL URLs, but it does not provide a server for OCSP/CRL and is therefor not vulnerable there either.