InfoWorld

OpenSSL patches two vulnerabilities in cryptographic library

The OpenSSL project team has patched two vulnerabilities in the cryptographic library and enhanced the strength of existing cryptography used by OpenSSL versions 1.0.1 and 1.0.2. OpenSSL 1.0.2 users ...
Business Wire

Ribose Contributes Implementations of Chinese Cryptographic Algorithms to OpenSSL

HONG KONG & NEWARK, Del.--(BUSINESS WIRE)--Ribose has contributed the SM2, SM3 and SM4 Chinese cryptographic algorithms to the OpenSSL cryptographic library, which are now available for general use as ...
Graham Cluley

The Heartbleed bug: serious vulnerability found in OpenSSL cryptographic software library

System administrators, I hope you weren’t planning to have an easy day today? Not only will Microsoft be releasing critical patches later on Tuesday (including the last ever security patches for ...
Ars Technica

Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw

A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by ...
Ars Technica

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

For a more detailed analysis of this catastrophic bug, see this update, which went live about 18 hours after Ars published this initial post. Researchers have discovered an extremely critical defect ...
GIGAZINE

Developers of cryptographic libraries point out that 'OpenSSL problems are getting worse'

Koehler and his colleagues have maintained pyca/cryptography for 12 years since 2014, and have relied on OpenSSL for its core cryptographic algorithms throughout that time. However, they are ...
Threat Post

OpenSSL Fixes Serious TLS Vulnerability

The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of ...
ZDNet

Debian and Ubuntu OpenSSL generates useless crypto keys

For almost two years the OpenSSL library used by Linux distribution Debian has been generating useless cryptographic keys — although Debian has issued a patch, experts warn that systems may still be ...
ZDNet

Sloppy programming leads to OpenSSL woes

The OpenSSL cryptographic library is used to provide Secure-Socket Layer (SSL) and Transport Layer Security (TLS) in many popular websites. These include Twitter, GitHub, Yahoo, Tumblr, Steam, and ...
Threat Post

OpenSSL Past, Present and Future

Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time ...
InfoWorld

Popular HTTPS sites still vulnerable to OpenSSL connection hijacking attack

A known critical vulnerability in OpenSSL can be exploited on over 20,000 of Internet's top 155,000 SSL sites, a researcher from Qualys said Some of the Internet’s most visited websites that encrypt ...
Linux Journal

Exploring RSA Encryption in OpenSSL

When sending your credit card number through a public medium, such as the Internet, your financial credibility may be compromised if the number is not first encrypted. It is impossible to tell who may ...