InfoQ Homepage OpenSSL Content on InfoQ
News
RSS Feed-
OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched
Introduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification.
-
Major SSL Vulnerability Affects OpenSSL and HTTPS server traffic
It has been announced that, OpenSSL, the popular cryptography library, has two significant flaws that require patching as soon as possible. The more dangerous of the two, DROWN, affects HTTPS usage on an estimated 11.5 million servers and is not limited to systems using OpenSSL.
-
Security Release for DOS Vulnerability in Node.js
The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."
-
AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines
Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.
-
Google to remove support for SSL 3.0
Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.
-
LibreSSL, OpenSSL Replacement: The First 30 Days
LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.