Skip to main content
This blog post is 9 years old and may be out of date.

Third-party clients affected by OpenSSL security advisory

News 

A security vulnerability in the cryptographic library OpenSSL was just disclosed. OpenVPN clients that use vulnerable versions can be tricked into accepting a man-in-the-middle attacker as a valid VPN server.

The Mullvad client in Windows and OSX is not affected. Stable releases of most Linux distributions like Ubuntu, Fedora and Debian are not affected. Users of unstable or rolling-release distributions should upgrade.

The latest version (2.3.7) of the official OpenVPN client is vulnerable, as is Tunnelblick for OSX. No fix has been published yet. The OpenVPN clients for Android and iOS are not affected.