Openvpn – Is OpenVPN UDP vulnerable to heartbleed

Tags: heartbleed, openvpn, udp

Is OpenVPN UDP vulnerable to heartbleed?

I need to decide if I'm going to rebuild some servers, but they are very carefully firewalled; 1194/TCP is one of the firewalled ports (yay whitelist!).

1194/UDP is used (mission critical).

Best Answer

OpenVPN over UDP also uses TLS, so it is equally affected, just like HTTPS. I have verified this by looking at a packet capture, and saw that the Heartbeat extension is advertised.

Many public tools just check for TLS/STARTTLS servers, but there is no reason why someone cannot craft a special tool for OpenVPN.

The TLS layer in OpenVPN runs on a proprietary socket layer which runs atop UDP/TCP, as can be seen in this picture.
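The check the answer describes (looking at a capture to see whether the Heartbeat extension is advertised) can be automated once the TLS handshake record has been pulled out of OpenVPN's control-channel framing. The following is an added example, not code from the answer or from the OpenVPN project; the function names and the constructed ServerHello samples are mine, and the parser assumes it is given a reassembled TLS record rather than a raw OpenVPN UDP packet.

```python
# Detect whether a TLS ClientHello/ServerHello advertises the Heartbeat
# extension (type 15, RFC 6520). Input is a single reassembled TLS
# handshake record already extracted from the OpenVPN control channel.
import struct

HEARTBEAT_EXT = 15  # extension type registered for Heartbeat

def parse_tls_extensions(record):
    """Return the list of extension types present in a Client/ServerHello record."""
    if len(record) < 5 or record[0] != 22:  # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    msg_type = body[0]                         # 1 = ClientHello, 2 = ServerHello
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    pos = 2 + 32                               # skip protocol version and random
    sid_len = hs[pos]
    pos += 1 + sid_len                         # skip session id
    if msg_type == 1:
        cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2 + cs_len                      # skip cipher suite list
        pos += 1 + hs[pos]                     # skip compression method list
    elif msg_type == 2:
        pos += 2 + 1                           # skip chosen cipher suite + compression
    else:
        raise ValueError("not a ClientHello or ServerHello")
    if pos + 2 > len(hs):
        return []                              # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    types = []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        types.append(ext_type)
        pos += 4 + ext_len
    return types

def advertises_heartbeat(record):
    """True if the peer offered the Heartbeat extension in this hello."""
    return HEARTBEAT_EXT in parse_tls_extensions(record)

def build_server_hello(extensions):
    """Construct a minimal TLS 1.0 ServerHello record (test data only)."""
    ext_body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hs = (b"\x03\x01" + bytes(32) + b"\x00"   # version, zero random, empty session id
          + b"\x00\x2f" + b"\x00"             # TLS_RSA_WITH_AES_128_CBC_SHA, null compression
          + struct.pack("!H", len(ext_body)) + ext_body)
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body

# Constructed samples: one hello with heartbeat (mode peer_allowed_to_send), one without.
SAMPLE_WITH_HEARTBEAT = build_server_hello([(HEARTBEAT_EXT, b"\x01")])
SAMPLE_WITHOUT = build_server_hello([(0xFF01, b"\x00")])  # renegotiation_info only
```

A hello that advertises Heartbeat shows the extension is compiled in and enabled, which is the precondition the answer is pointing at; whether the endpoint is actually exploitable still depends on the OpenSSL build it links against, so this is a triage signal, not proof either way.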