OpenSSL High Severity Vulnerability

Posted by on July 10, 2015 0 comments

OpenSSL has announced a high severity vulnerability, CVE-2015-1793 which will require an upgrade to some OpenSSL installations. The vulnerability was discovered by Google personnel Adam Langley and David Benjamin on June 24, 2015. Google has been working on an alternative to OpenSSL called BoringSSL. This has allowed Google to reduce vulnerabilities in their installations, but is also a benefit to OpenSSL as issues have been reported. Note that BoringSSL is not impacted. OpenSSL states that “during certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to...

Read More