Libreswan and Heartbleed

Revision as of 20:29, 10 April 2014 by Matt Rogers

Is Libreswan vulnerable to the OpenSSL "Heartbleed" exploit?

Unlike some open source VPN software, Libreswan does not use the OpenSSL library. The pluto daemon uses NSS for all cryptographic operations during the IKE exchange in userspace, and once the tunnel is established, traffic encryption is handled by a kernel module. Therefore, pluto and the associated tools included with Libreswan are not subject to the OpenSSL vulnerability CVE-2014-0160, also known as Heartbleed.

See Using NSS with libreswan for more details about Libreswan's use of NSS.
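
One way to confirm the NSS-only linkage described above on an installed system, as an added example that is not Libreswan's own code. The function names and the sample `ldd` lines are constructed for illustration; note that NSS ships a library named `libssl3.so`, which a naive search for "libssl" would mistake for OpenSSL.

```shell
#!/bin/sh
# Added example (not Libreswan code): classify crypto linkage from `ldd` output.

# Reads `ldd` output on stdin; prints openssl, nss, both, or none.
crypto_linkage() {
    awk '
        # OpenSSL sonames look like libssl.so.N and libcrypto.so.N
        /lib(ssl|crypto)\.so/ { openssl = 1 }
        # NSS and NSPR sonames; libssl3.so is part of NSS, not OpenSSL
        /lib(nss3|nssutil3|ssl3|smime3|nspr4)\.so/ { nss = 1 }
        END {
            print (openssl && nss ? "both" : (openssl ? "openssl" : (nss ? "nss" : "none")))
        }'
}

# Upstream OpenSSL releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f.
# Distributions backported the fix without changing the version letter, so a
# match means "check the package changelog", not proof of exposure.
openssl_upstream_affected() {
    case "$1" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: an NSS-linked daemon (addresses and paths are made up).
sample_nss_ldd() {
cat <<'EOF'
    libnss3.so => /usr/lib64/libnss3.so (0x00007f0000000000)
    libssl3.so => /usr/lib64/libssl3.so (0x00007f0000100000)
    libnspr4.so => /usr/lib64/libnspr4.so (0x00007f0000200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000300000)
EOF
}

# Constructed sample: an OpenSSL-linked daemon for comparison.
sample_openssl_ldd() {
cat <<'EOF'
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000000000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000100000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)
EOF
}
```

To use it on a real host, pipe the `ldd` output for the installed pluto binary (its path varies by distribution) into `crypto_linkage`. This only reports dynamic linkage, so a statically linked library would not appear.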