OpenSSL Blog

OpenSSL Presentation at ICMC22 Conference

,

After 2 years of forced covid break, OpenSSL once again presented at the ICMC22 conference. The conference was a very pleasant meet-up of the community around cryptography and cryptographic modules. There were a lot of insights, feedback, and discussions around IT security. OpenSSL gave a talk on the Current Status of OpenSSL.

OpenSSL 3.0 FIPS 140-2 Free Rebranding Offer

,

OpenSSL is celebrating our FIPS 140-2 certification with a special offer for our Premium Support Customers by providing access to a free rebranding of the OpenSSL 3.0 FIPS 140-2 certificate.

See FIPS 140-2 Certificate here

OpenSSL Is Looking to Hire Full-time Position Platform Engineer

,

UPDATE: Please note this position has been filled.

The OpenSSL Management Committee are looking to hire a full time Platform Engineer. This is a sysadmin role. Details of the roles follow.

To apply please send your cover letter and resume to jobs@openssl.org by 17th June 2022.

Spectre and Meltdown Attacks Against OpenSSL

,

The OpenSSL Technical Committee (OTC) was recently made aware of several potential attacks against the OpenSSL libraries which might permit information leakage via the Spectre attack.1 Although there are currently no known exploits for the Spectre attacks identified, it is plausible that some of them might be exploitable.

Local side channel attacks, such as these, are outside the scope of our security policy, however the project generally does introduce mitigations when they are discovered. In this case, the OTC has decided that these attacks will not be mitigated by changes to the OpenSSL code base. The full reasoning behind this is given below.

Starting the QUIC Design

,

The OTC recently agreed a new design process that needs to be followed for future releases. See here for details. Moving forward designs for significant features should be captured and stored alongside the documentation in our main source code repository and updated if necessary during the development process.

OpenSSL Update

,

The OpenSSL community is a diverse group, ranging from those that use applications that depend on OpenSSL (effectively end-users) to operating system distributions, application developers, embedded devices, layered security libraries, and cryptographic algorithm and protocol researchers. Each of these subsets of our community have different needs and different priorities.

OpenSSL Is Looking to Hire Two Full-time Positions: Developer, and Manager

,

UPDATE: Please note these positions have been filled.

The OpenSSL Management Committee are looking to hire a full time Developer and a full time Manager. Details of the roles follow.

To apply please send your cover letter and resume to jobs@openssl.org by 6th January 2022 (extended from 9th December 2021).