After the Heartbleed bug hit the security industry, we were one of the first to offer a public response, announcing that we patched our servers thanks to state-of-the-art 0day response. We updated OpenSSL, we re-generated certificate authorities and we performed a complete audit of our infrastructures with regards to what that bug would imply. Our security team found out that there were almost no theorical way that your security might have been compromised. Man-in-the-middle attacks are something we are especially strongly designed to cover.
With this said, the debate in security community about whether a complete regeneration of all authorities is required has not reached consensus, and it is in such context that we have decided that we will nonetheless offer newly generated authorities for all the environments involving OpenSSL across our services. This does not mean that providers who do not change all their authorities (and therefore ask you to use new .crt files) are placing their users at risk, but this means those who do so will definitely not.
We are taking this opportunity, as regenerating full authorities across all services requires a small downtime of few seconds per node and/or protocol affected, to move forward with several stuff our security labs have been playing with for some time now. We will again increase our encryption standards and provide the industry's finest. We will bring some enhancements to OpenVPN server's deep configuration. And we will deploy the necessary elements to support a new protocol we have specifically designed against DPI (deep packet inspection) in an effort to suggest always better efforts to combat infringements of online liberties.
We will open a network issue before the upgrade starts, and we will send you an email once the upgrade has ended. Customers who uses Safejumper will just experience a downtime of few seconds up to 10 minutes maximum. Others will have to update their configurations manually, retrieve new OpenVPN configuration template and new public certificate authority.
Stay tuned.