Menu
OpenSSL releases several patches but none for serious issues

OpenSSL releases several patches but none for serious issues

The encryption application is still being fine-tuned after major flaws were found

The OpenSSL project has released several patches for moderate flaws, including an additional defense against the Logjam vulnerability revealed last month.

OpenSSL is widely used open-source software that encrypts communications using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol. SSL/TLS prevents clear-text data from being transmitted across the Web, avoiding high security risks.

The patches include three for moderate flaws. Two of these fix flaws that could be used for denial of service attacks, according to an advisory. The third patch fixes a moderate flaw that affects OpenSSL versions prior to a June 2014 release. A fourth patch is for a low severity race condition flaw.

The latest versions of OpenSSL are now 1.0.2b, 1.0.1n, 1.0.0s and 0.9.8zg.

Another change in OpenSSL is an additional defense against the so-called Logjam flaw, which can allow an attacker to significantly weaken the encrypted connection between a user and a Web or email server.

Logjam lies specifically within a set of Diffie-Hellman algorithms, which facilitate the exchange of encryption keys before a connection is secured.

Software products that still support weak 512-bit encryption keys could be tricked into using that weak key, which can be calculated and then used to decrypt traffic.

OpenSSL will now reject handshakes that use Diffie-Hellman parameters shorter than 768 bits, the advisory said. Eventually, the limit will be raised to 1,024 bits.

The discovery of an alarming flaw called Heartbleed in April 2014 prompted a wide examination of OpenSSL, which is used by millions of web sites and email severs. An audit is still ongoing in OpenSSL with the aim of eliminating years-old but unknown flaws.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patchesOpenSSL

Featured

Slideshows

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments