Comment Re:Why should we trust openssl? (Score 5, Informative) 53
you don't know what you're talking about. Openvpn was never affected by the "renegotiation bug" as it doesn't use SSL for that component. As it runs over UDP and TCP, it had to come up with its own way of doing that - hence no problem.
That in combination with HMAC authentication makes it basically immune from that issue anyway...