Ready for InfoQ 3.0? Try the new design and let us know what you think!

Development Follow 783 Followers

Major SSL Vulnerability Affects OpenSSL and HTTPS server traffic

by Jeff Martin Follow 19 Followers on  Mar 06, 2016

It has been announced that, OpenSSL, the popular cryptography library, has two significant flaws that require patching as soon as possible. The more dangerous of the two, DROWN, affects HTTPS usage on an estimated 11.5 million servers and is not limited to systems using OpenSSL.

JavaScript Follow 480 Followers

Security Release for DOS Vulnerability in Node.js

by James Chesters Follow 2 Followers on  Dec 01, 2015

The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."


AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines

by Sergio De Simone Follow 21 Followers on  Jul 01, 2015

Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.


Google to remove support for SSL 3.0

by Alex Blewitt Follow 4 Followers on  Oct 14, 2014 7

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.


LibreSSL, OpenSSL Replacement: The First 30 Days

by Sergio De Simone Follow 21 Followers on  May 19, 2014

LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.