
Commit f5bb27d

Document backport of fix for CVE-2018-9336
Note the backported fix for this CVE in the openvpn subproject, given that we can't update to the latest OpenVPN until the integration of liboqs into OpenSSL 1.1 is complete. Unrelated, collapse one paragraph in README.md into a single line.
1 parent 6fdc6d5 commit f5bb27d

1 file changed

+2
-9
lines changed

README.md

+2-9
@@ -14,15 +14,7 @@ We will also enable other ciphersuites as much as we are able to make them work.
1414

1515
We test on Ubuntu Server 16.04 LTS as our Linux platform, and on Windows 10 with Visual Studio 2017. We have not yet tested any other combinations but will offer comment on what we think will be required with other versions, particularly for Microsoft platforms.
1616

17-
We also provide software and instructions for building a post-quantum secure
18-
VPN appliance with a Raspberry Pi 3. The device acts as a WiFi access point, and
19-
tunnels all of its traffic over the post-quantum VPN. This has two main
20-
advantages when compared to using a VPN client on the device. First,
21-
installing VPN client software is not required. Second, using VPN software can
22-
be error prone, and not all traffic will be protected if there are
23-
configuration errors. With a hardware device, all devices connecting to it get
24-
post-quantum security transparently. See the `pqap` directory, and the README file
25-
there for more information.
17+
We also provide software and instructions for building a post-quantum secure VPN appliance with a Raspberry Pi 3. The device acts as a WiFi access point, and tunnels all of its traffic over the post-quantum VPN. This has two main advantages when compared to using a VPN client on the device. First, installing VPN client software is not required. Second, using VPN software can be error prone, and not all traffic will be protected if there are configuration errors. With a hardware device, all devices connecting to it get post-quantum security transparently. See the `pqap` directory, and the README file there for more information.
2618

2719
---
2820

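Review bot: The reflow of old lines 17-25 into the single new line 17 is a whitespace-only change that the commit message itself calls unrelated, and it makes up nine of the eleven changed lines in a commit titled as CVE documentation. Consider moving it to its own commit so that the history for the CVE-2018-9336 note contains only the security-relevant line and can be cherry-picked or audited without the formatting noise.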
@@ -164,3 +156,4 @@ The build system currently does some extraneous work, such as cross-compiling Op
164156

165157
OpenVPN's line length limit in configuration files limits how many ciphersuites we can specify in order to guarantee a post-quantum ciphersuite is selected.
166158

159+
Our code is currently based on OpenVPN 2.4.4 and the Open Quantum Safe fork of OpenSSL 1.0.2. Because work is still underway to integrate liboqs with the OpenSSL 1.1 series, and OpenVPN began supporting OpenSSL 1.1 with version 2.4.5, we have not yet updated to the latest version of OpenVPN. To address CVE-2018-9336 which affects OpenVPN versions 2.4.5 and earlier, we have backported the fix from version 2.4.6.
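Review bot: The new paragraph at line 159 states that the fix was backported from 2.4.6 but gives the reader no way to confirm it: it does not point to the commit or patch in the openvpn subproject that carries the backport. Since the text says the code is still based on OpenVPN 2.4.4, anyone checking by version number will conclude the build is affected, so it would help to reference the backport commit and to say whether the reported version string changes. Minor wording: the clause "which affects OpenVPN versions 2.4.5 and earlier" should be set off with a comma after "CVE-2018-9336".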
