OpenSSL Blog

OpenSSL 3.1 Release Candidate

,

The OpenSSL Management Committee (OMC) and the OpenSSL Technical Committee (OTC) are glad to announce our first beta release of OpenSSL 3.1. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.

OpenSSL 3.1 Alpha Release

,

The OpenSSL Management Committee and the OpenSSL Technical Committee are glad to announce the alpha release of OpenSSL 3.1.

OpenSSL Is Looking to Contract a Full-time Engineering Manager

,

UPDATE: Please note this position has been filled.

UPDATE: The application period has been extended due to the Holiday Season.

The OpenSSL Management Committee are looking for a full time Engineering Manager. Details of the role follows.

To apply please send your cover letter and resume to jobs@openssl.org by 20th January 2023.

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

,

Today we published an advisory about CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”).

Please read the advisory for specific details about these CVEs and how they might impact you. This blog post will address some common questions that we expect to be asked about these CVEs.

Configuring Supported TLS Groups in OpenSSL

,

The configuration of supported groups in TLS servers is important to limit the resource consumption of the TLS handshakes performed by the server. This blog post should give system administrators a few useful hints on how to configure the OpenSSL library and two of the most used open source HTTP servers which use the OpenSSL library for supporting the HTTPS protocol.

UPDATE: The post was updated to mention the new CVE-2022-40735 vulnerability.

OpenSSL Presentation at ICMC22 Conference

,

After 2 years of forced covid break, OpenSSL once again presented at the ICMC22 conference. The conference was a very pleasant meet-up of the community around cryptography and cryptographic modules. There were a lot of insights, feedback, and discussions around IT security. OpenSSL gave a talk on the Current Status of OpenSSL.

OpenSSL 3.0 FIPS 140-2 Free Rebranding Offer

,

OpenSSL is celebrating our FIPS 140-2 certification with a special offer for our Premium Support Customers by providing access to a free rebranding of the OpenSSL 3.0 FIPS 140-2 certificate.

See FIPS 140-2 Certificate here