InfoQ Homepage OpenSSL Content on InfoQ
News
RSS Feed-
Major SSL Vulnerability Affects OpenSSL and HTTPS server traffic
It has been announced that, OpenSSL, the popular cryptography library, has two significant flaws that require patching as soon as possible. The more dangerous of the two, DROWN, affects HTTPS usage on an estimated 11.5 million servers and is not limited to systems using OpenSSL.
-
Security Release for DOS Vulnerability in Node.js
The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."
-
AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines
Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.
-
Google to remove support for SSL 3.0
Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.
-
LibreSSL, OpenSSL Replacement: The First 30 Days
LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.