Manually update OpenSSL

[userusingused 4]

Is it possible to manually add an updated OpenSSL DLL file to Eddie?
Even the experimental version is still on 1.0.2a even though 1.0.2d is already released. The stable version on the 1.0.1 branch is even more versions behind.
The standard OpenVPN software has separate .dll files in it's Program Files folder, if Eddie would adopt the same behaviour, then users could copy the up to date DLL's from OpenVPN to Eddie.
I would also recommend releasing security updates for Eddie, just keeping them identical from the latest stable(except from the new OpenSSL or possibly another security fix) so that not much testing is needed and updates can be released swiftly. New features and other bugfixes can be done for the next version so they're properly tested.

[bigbrosbitch 65]

That is interesting as my experimental client (2.10.1) shows - "OpenSSL 1.0.1k". Shouldn't the later standard (noted above) be uniform across all O/S platforms?

​I did also note that the OpenVPN client package is quite different for the experimental client depending on the linux distro being used (some use the OpenVPN Dec 2014 standard, some the May 2015 standard) - presumably this is based on linux distro preferences for stable releases vs rolling type?

I agree in principle that it would be very useful if the Eddie client enabled users to manually force latest OpenSSL and other standards manually or via an update/patch feature, as this is clearly one of the greatest weaknesses concerning VPNs and encryption in general.

That is, we know the Stasi are focused on exploiting SSL coding weaknesses (heartbleed etc) & intercepting SSL private key exchanges with their global listening systems to decipher VPN streams in near real-time for high profile targets (as disclosed by Snowden files) and presumably decrypt all encyrypted streams over time. This is a logical assumption to make due to the X-KeyScore system having special indicators for all encrypted internet traffic - it is all placed in a special pile for later analysis - and they have already targeting multiple VPN providers to steal keys etc.

​I'm sure AirVPN and other notable 'hacktivisits' are high on the Stasi list, so anything that can be done to close the (many) security loopholes operating in all protocols is a prudent decision.

[encrypted 13]

OpenSSL 1.0.1f (Jan 2014) here provided by Trusty 14.04 LTS derivative.

 

Despite the nominally aged version it does get patched regularly, but I don't know how the AirVPN client knows it to be supposedly dependable.