サクサク読めて、アプリ限定の機能も多数!
トップへ戻る
大そうじへの備え
www.openssl.org
Today we published an advisory about CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). Please read the advisory for specific details about these CVEs and how they might impact you. This blog post will address some common questions that we expect to be asked about these CVEs. Q: The 3.0.7 release was announced as
The OpenSSL Management Committee has been looking at the versioning scheme that is currently in use. Over the years we’ve received plenty of feedback about the “uniqueness” of this scheme, and it does cause some confusion for some users. We would like to adopt a more typical version numbering approach. The current versioning scheme has this format: MAJOR.MINOR.FIX[PATCH] The new scheme will have t
The following is a press release that we just released, with the cooperation and financial support of the Core Infrastructure Initiative and the Linux Foundation. In the next few days we’ll start sending out email to all contributors asking them to approve the change. In the meantime, you can visit the licensing website and search for your name and request the email. If you have changed email addr
Licensing Update Posted by Rich Salz , Mar 22 nd , 2017 12:00 pm The following is a press release that we just released, with the cooperation and financial support of the Core Infrastructure Initiative and the Linux Foundation. In the next few days we’ll start sending out email to all contributors asking them to approve the change. In the meantime, you can visit the licensing website and search fo
This post talks about OpenSSL and threads. In particular, using OpenSSL in multi-threaded applications. It traces through the history, explains what was changed for the 1.1.0 release, and will hopefully provide some guidance to developers. While none of the behaviors have really changed, and therefore none of this should be new information, the documentation has not been as clear as it could, or s
This is another in the series of posts about decisions we made at our face-to-face meeting a couple of weeks ago. We updated the project roadmap. I think the most important news here, is that our next release will include TLS 1.3. Our current plan is that this will be 1.1.1, which means that it is API-compatible with the current 1.1.0 release. This is really only possible because of the work we di
Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183. This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website. Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real
Security Policy Reporting security issues If you wish to report a possible security issue in OpenSSL please notify us. Issue triage Notifications are received by the OMC and OTC. We engage resources within OpenSSL to start the investigation and prioritisation. We may work in private with individuals who are not on the OMC or OTC as well as other organisations and our employers where we believe thi
The major changes and known issues for the 1.1.0 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog. Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)For built-in EC cu
The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog. Major changes between OpenSSL 1.0.2t and OpenSSL 1.0.2u [20 Dec 2019] Fixed an an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-b
Release Strategy First issued 23rd December 2014 Last modified 30th November 2023 From 3.0.0 and above, the OpenSSL versioning scheme uses the format: MAJOR.MINOR.PATCH With this format, API/ABI compatibility will be guaranteed for the same MAJOR version number. MAJOR: API/ABI incompatible changes will increase this number MINOR: API/ABI compatible feature releases will change this PATCH: Bug fix
www.openssl.org/~bodo
OpenSSL 1.0.1 Branch Release notes The major changes and known issues for the 1.0.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog. Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [under development] Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Ja
次のページ
このページを最初にブックマークしてみませんか?
『OpenSSL: The Open Source toolkit for SSL/TLS』の新着エントリーを見る
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
