userusingused

Manually update OpenSSL


Is it possible to manually add an updated OpenSSL DLL file to Eddie?
Even the experimental version is still on 1.0.2a even though 1.0.2d is already released. The stable version on the 1.0.1 branch is even more versions behind.
The standard OpenVPN software has separate .dll files in its Program Files folder, if Eddie would adopt the same behaviour, then users could copy the up to date DLLs from OpenVPN to Eddie.
I would also recommend releasing security updates for Eddie, just keeping them identical to the latest stable (except for the new OpenSSL or possibly another security fix) so that not much testing is needed and updates can be released swiftly. New features and other bugfixes can be done for the next version so they're properly tested.


That is interesting as my experimental client (2.10.1) shows - "OpenSSL 1.0.1k". Shouldn't the later standard (noted above) be uniform across all O/S platforms?

I did also note that the OpenVPN client package is quite different for the experimental client depending on the Linux distro being used (some use the OpenVPN Dec 2014 standard, some the May 2015 standard) - presumably this is based on Linux distro preferences for stable releases vs rolling type?

I agree in principle that it would be very useful if the Eddie client enabled users to manually force latest OpenSSL and other standards manually or via an update/patch feature, as this is clearly one of the greatest weaknesses concerning VPNs and encryption in general.

That is, we know the Stasi are focused on exploiting SSL coding weaknesses (Heartbleed etc) & intercepting SSL private key exchanges with their global listening systems to decipher VPN streams in near real-time for high profile targets (as disclosed by Snowden files) and presumably decrypt all encrypted streams over time. This is a logical assumption to make due to the X-KeyScore system having special indicators for all encrypted internet traffic - it is all placed in a special pile for later analysis - and they have already targeted multiple VPN providers to steal keys etc.

I'm sure AirVPN and other notable 'hacktivists' are high on the Stasi list, so anything that can be done to close the (many) security loopholes operating in all protocols is a prudent decision.


OpenSSL 1.0.1f (Jan 2014) here provided by Trusty 14.04 LTS derivative.

 

Despite the nominally aged version it does get patched regularly, but I don't know how the AirVPN client knows it to be supposedly dependable.
