PC World

New OpenSSL vulnerability puts encrypted communications at risk of spying

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library. The vulnerability, which is being tracked as ...
Ars Technica

Teach me about p12 files

This is for each shared site (which has its own IP). The pass.sh file has two lines, both lines are the same identical password. The openssl.cnf is what you'd expect. Now, what confuses me, is that ...
Ars Technica

Use alternate openssl path

Since Apple ships openssl-0.9.8 with OS X 10.7.3 with most of the headers declared "deprecated", squid won't compile with the --enable-ssl configure option. I've downloaded openssl-1.0.0g from HMUG, ...
CSOonline

The Heartbleed OpenSSL flaw is worse than you think

On a scale of 1 to 10, this vulnerability is an 11. Here are the steps to take to thoroughly protect yourself from this OpenSSL bug The OpenSSL flaw named Heartbleed is pretty huge. Many of us in the ...
InfoWorld

OpenSSL patches two vulnerabilities in cryptographic library

The OpenSSL project team has patched two vulnerabilities in the cryptographic library and enhanced the strength of existing cryptography used by OpenSSL versions 1.0.1 and 1.0.2. OpenSSL 1.0.2 users ...
Bleeping Computer

OpenSSL fixes two high severity vulnerabilities, what you need to know

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. The vulnerabilities ...
CRN

Cisco Acknowledges OpenSSL Vulnerabilities

The San Jose, Calif.-based networking giant said the OpenSSL vulnerabilities affect Cisco IPS, Secure ACS, Security Agent, MARS, Unified Presence Server, SIP Proxy Server, Wireless LAN Controller and ...
CSOonline

Android 4.4.4 fixes OpenSSL connection hijacking flaw

Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL ...
Business Insider

OpenSSL Re-licensing to Apache License v. 2.0 To Encourage Broader Use with Other FOSS Projects and Products

SAN FRANCISCO, March 23, 2017 /PRNewswire-USNewswire/ -- The OpenSSL project, home of the world's most popular SSL/TLS and cryptographic toolkit, is changing its license to the Apache License v 2.0 ...
Computerworld

Fixing Debian OpenSSL

Debian, the popular Linux distribution, has just been shown to have made an all-time stupid security goof-up. They managed to change OpenSSL in their distribution so that it had no security to speak ...
Computerworld

New OpenSSL vulnerability puts encrypted communications at risk of spying

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library. The vulnerability, which is being tracked as ...