Libreswan and Heartbleed: Difference between revisions

From Libreswan
(Created page with "== Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit? == Unlike some open source VPN software, Libreswan does not utilize the OpenSSL library. The pluto daemon uses ...")
 
Line 1: Line 1:
== Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit? ==
== Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit? ==
Unlike some open source VPN software, Libreswan does not utilize the OpenSSL library. The pluto daemon uses [https://developer.mozilla.org/en-US/docs/NSS_FAQ NSS] for all cryptographic operations during the IKE exchange in userspace, and once the tunnel is established the traffic encryption is then handled by a kernel module. Therefore pluto and the associated tools included with Libreswan are not subject to the OpenSSL vulnerability CVE-2014-0160, AKA Heartbleed.
Libreswan is implementation of IPsec IKEv1 and IKEv2 keying protocols. Unlike some opensource VPN products which are based on TLS/SSL protocols IPsec implementations are not vulnerable to openssl vulnerability CVE-2014-0160 also known as Heartbleed.
 
See [[Using NSS with libreswan]] for more details about Libreswan's use of NSS
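Review bot: The replacement paragraph drops the concrete reason the removed paragraph gave, namely that pluto uses NSS rather than OpenSSL for all cryptographic operations during the IKE exchange, and the removed last line also takes out the link to [[Using NSS with libreswan]]. The new wording rests on the broader statement that "IPsec implementations are not vulnerable", which tells the reader nothing about which crypto library Libreswan itself uses; consider keeping the NSS sentence and the link alongside the new protocol-level sentence. The added sentence also needs copy edits: "is implementation" should read "is an implementation", and "opensource" and "openssl" should read "open source" and "OpenSSL".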

Revision as of 20:16, 10 April 2014

Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit?

Libreswan is an implementation of the IPsec IKEv1 and IKEv2 keying protocols. Unlike some open source VPN products that are based on the TLS/SSL protocols, IPsec implementations are not vulnerable to the OpenSSL vulnerability CVE-2014-0160, also known as Heartbleed.