Ars Technica

OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched. It ultimately arrived as a “high” security fix for a buffer ...
InfoQ

OpenSSL 3.2 Brings Support for QUIC, Windows Certificate Store, and More

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
Bleeping Computer

OpenSSL fixes severe DoS, certificate validation vulnerabilities

Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products. OpenSSL is a commonly used software library for ...
Linux Journal

An Introduction to OpenSSL Programming, Part I of II

The quickest and easiest way to secure a TCP-based network application is with SSL. If you're working in C, your best choice is probably to use OpenSSL (http://www ...
ZDNet

OpenSSL 1.1.1 out with TLS 1.3 support and 'complete rewrite' of RNG component

The OpenSSL Project has released a new major version of OpenSSL, the most popular cryptography library for supporting encrypted communications via the Transport Layer Security (TLS) and Secure Sockets ...
CSOonline

The Heartbleed bug: How a flaw in OpenSSL caused a security crisis

Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo. OpenSSL is an open source code ...