OpenSSL 1.1.1 reaches end of life for all but the well-heeled $50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0 Security12 Sep 2023 | 3
OpenSSL downgrades horror bug after week of panic, hype Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited Patches01 Nov 2022 | 3
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw Updated Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution Patches27 Jun 2022 | 10
OpenSSL patches crash-me bug triggered by rogue certs Bad data can throw vulnerable apps and services for an infinite loop Security15 Mar 2022 | 3
3 years, 17 alphas, 2 betas, and over 7,500 commits later, OpenSSL version 3 is here What have we learned during that time? Quite a bit, it appears Security08 Sep 2021 | 13
GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps Static analyzer proves its worth with discovery of null-pointer error Security23 Apr 2020 | 50
AWS has a security hub, OpenSSL has a new license, London has a problem with cryptocoins, and more Roundup Plus, South Carolina convicts go catfishing OSes01 Dec 2018 | 11
May the May update be with you: OpenSSL key sniffed from radio signal 'One and Done' attack patched in library's May 2018 release Security14 Aug 2018 | 9
The week that QoS in networking, aka WAN, RAN, thank you ma'am Roundup Aruba gets the SD-WAN bug, Huawei patches slowly and so much more Networks24 Jun 2018 |
OpenSSL alpha adds TLS 1.3 support Shambling corpse of ancient, shoddy, buggy, crypto shoved towards the grave Security14 Feb 2018 | 8
Optimus multi-prime is the new rule as OpenSSL transforms crypto policies again If an algo ain't ratified by standards groups, it won't be welcome Security23 Jan 2018 | 4
Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more Analysis Devs who fail to respond to call for change will count as 'yes' votes for AL 2.0 Security24 Mar 2017 | 45
OpenSSL pushes trio of DoS-busting patches One was fixed before anyone realised it was a security issue, so be careful when applying Security31 Jan 2017 | 1
It's 2017 and 200,000 services still have unpatched Heartbleeds What does it take to get people patching? Not Reg readers, obviously. Other, silly people Security23 Jan 2017 | 7
What do you give a bear that wants to fork SSL? Whatever it wants! 'BearSSL' strips crypto back to the bare metal Security09 Nov 2016 | 37
Patch AGAIN: OpenSSL security fixes now need their own security fixes Recursion (n): See recursion Security26 Sep 2016 | 16
Yay! It's International Patch Your Scary OpenSSL Bugs Day! Two innocent programming blunders breed high-risk flaw Security03 May 2016 | 20
Batten down the hatches! OpenSSL preps fix for high impact vuln Disappointingly, there's no snazzy name or logo with this one. Which is actually good Security28 Apr 2016 | 23
Awoogah – brown alert: OpenSSL preps 'high severity' security fixes Patches due to land on March 1 Security25 Feb 2016 | 48
OpenSSL fixes bug, gets dissed by German gov: That's so random ... not Code review highlights problematic RNG Security04 Feb 2016 | 16
OpenSSL patch quashes rare HTTPS nasty, shores up crypto chops Feet up for the many, head's down and patch for the rest. Security29 Jan 2016 | 11
Netherlands votes to splash cash on encryption projects €500k for Open/Libre/Polar-SSL Legal09 Dec 2015 | 18
Feared OpenSSL vulnerability gets patched, forgery issue resolved The latest flaw is bad, but at least it's no Heartbleed Security09 Jul 2015 | 11
Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday Heads up for July 9 security vulnerability fix Security06 Jul 2015 | 23
Amazon just wrote a TLS crypto library in only 6,000 lines of C code At 1/10 the size of OpenSSL, it should be easier to spot bugs Security01 Jul 2015 | 41
OpenSSL releases seven patches for seven vulns Flood of fixes to clear LogJam flaw Security12 Jun 2015 | 8
OpenSSL 'high' severity flaw just a puny DoS risk Is that all you’ve got, ClientHello? I put on my brown trousers for this? Security19 Mar 2015 | 6
OpenSSL preps fix for mystery high severity hole Speculation builds about heir to Heartbleed or pal for POODLE Security17 Mar 2015 | 37
Cisco FREAKs out, starts epic OpenSSL bug-splat Happy weekend, network admins Security13 Mar 2015 | 3
OpenSSL audit kicks off for post-Heartbleed strengthening program We can rebuild him. We have the technology. We can make him better...stronger...faster Security10 Mar 2015 | 9
Post-POODLE, OpenSSL shakes off some fleas New fixes repair DOS, authentication flaws Security09 Jan 2015 |
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat Poodle Four new patches for open-source crypto libraries Security15 Oct 2014 | 11
OpenSSL promises devs advance notice of future bugs, slaps if they blab Future Heartbleeds without the heartache Security10 Sep 2014 | 6
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told Channel29 Jul 2014 | 25
How long is too long to wait for a security fix? Sysadmin blog Synology finally patches OpenSSL bugs in Trevor's NAS Security25 Jul 2014 | 20
Google devs: Tearing Chrome away from OpenSSL not that easy Custom BoringSSL fork not quite a drop-in replacement yet Software25 Jul 2014 | 20
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs Blow to bit-spitter 'tis but a flesh wound, claim team Security17 Jul 2014 | 36
LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more First cross-platform version of cleaned-up OpenSSL fork Security12 Jul 2014 | 68
'I don't want to go on the cart' ... OpenSSL revived with survival roadmap Heartbleed-battered crypto library reveals long path back to health Security01 Jul 2014 | 23
Bored yet? Now there's ANOTHER OpenSSL fork – it's from Google Because Heartbleed is the gift that keeps on giving Software21 Jun 2014 | 26
Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt OpenBSD grump it isn't in the cool kids infosec club Security06 Jun 2014 | 57
Patch NOW: Six new bugs found in OpenSSL – including spying hole On a scale of 1 to Heartbleed, this is a 7 Security05 Jun 2014 | 65
AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool) Thousands of websites still spilling their crypto blood on carpets everywhere Security20 May 2014 | 3
Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit If OpenSSL bug doesn't get you ... SOMETHING ELSE might Security09 May 2014 | 9
Bevy of tech behemoths aim to plug the next Heartbleed with DOLLARS Web, IT goliaths to pour gold into more open-source code On-Prem24 Apr 2014 | 35
OpenBSD founder wants to bin buggy OpenSSL library, launches fork One Heartbleed vuln was too many for Theo de Raadt Security22 Apr 2014 | 80
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia The bug that keeps on giving Security22 Apr 2014 | 12
Netcraft adds Heartbleed sniffing to site-scanning browser tool Checks if sites were vulnerable and what they've done about it Security18 Apr 2014 | 10
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS Updated Agency forgets it exists to protect communications, not just spy on them Security11 Apr 2014 | 102
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts Updated Bloke behind the cockup says not enough people are helping crucial crypto project Software11 Apr 2014 | 178
It may be ILLEGAL to run Heartbleed health checks – IT lawyer Do the right thing, earn up to 10 years in clink On-Prem11 Apr 2014 | 86
Call of Duty 'fragged using OpenSSL's Heartbleed exploit' So it begins ... or maybe not, says one analyst Security10 Apr 2014 | 23
Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug Analysis The code behind the C-bomb dropped on the world Security09 Apr 2014 | 144
Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed Paper is safe. Clay tablets too Security09 Apr 2014 | 43
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed Vendors and ISPs have work to do updating firmware - if it's possible to fix this Channel09 Apr 2014 | 66
Amazon carefully stitches up Heartbleed OpenSSL hole Bezos & Co patch mammoth web infrastructure to stop memory-leaking frightener Channel08 Apr 2014 | 11
Running OpenSSL? Patch now to fix CRITICAL bug 'Heartbleed' leaks data from memory Channel08 Apr 2014 | 40
Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back Discovered software blunder disabled distrusted random number generator Security20 Dec 2013 | 34
Google preps Chrome fix to slay SSL-attacking BEAST 20-line patch targets plaintext recovery exploit Security21 Sep 2011 | 7