Menu
OpenSSL patches a severe but not widespread problem

OpenSSL patches a severe but not widespread problem

In some instances, OpenSSL will reuse prime numbers

The OpenSSL project has patched a problem in the cryptographic library but one that likely does not affect many popular applications.

OpenSSL enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Most websites use it, which is indicated in Web browsers with a padlock symbol.

It's an open-source library that is widely used in applications for secure data transfers. After serious vulnerabilities were found in OpenSSL over the last couple of years, the application has been under much scrutiny by security researchers.

The latest vulnerability affects versions 1.0.1 and 1.0.2. The updated versions are 1.0.2f and 1.0.1r.

In some cases, OpenSSL reuses prime numbers when using the Diffie-Hellman protocol, which could allow an attacker to possibly crack the encryption.

There are some mitigating factors. An attacker would have to complete multiple handshakes with the computer he or she is trying to compromise.

However, the option that reuses prime numbers is not on by default, and most applications likely are not at risk if that option has not been changed, according to the advisory.

OpenSSL underpins two of the most widely used Web servers, Apache and nginx. The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances.

The discovery of an alarming flaw called Heartbleed in April 2014 prompted a wide examination of OpenSSL. An audit was launched with the aim of eliminating years-old but unknown flaws.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityOpenSSL Project

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments