<div dir="auto">I think almost all versions of OpenVPN clients for mobile devices (windows phone?, Android, iOS) didn't traditionally support anything greater than sha1 crypto, so all openvpn mobile clients affected? OpenVPN traditionally also relied on weak CA configs, so it's like time-warping back 5-10 years in browser land? And how many OpenVPN clients actually validate their server side end properly? Some things to consider.</div><div class="gmail_extra"><br><div class="gmail_quote">On Feb 23, 2017 7:44 AM, "Dave Aitel" <<a href="mailto:dave.aitel@gmail.com">dave.aitel@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">So what is it that breaking SHA1 gets you on Windows boxes?<div><br></div><div>-dave</div></div>
<br>______________________________<wbr>_________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.<wbr>com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" target="_blank">https://lists.immunityinc.com/<wbr>mailman/listinfo/dailydave</a><br>
<br></blockquote></div></div>