Serious OpenSSL v3.x bug on its way..


Post by neutrino »


Millions of devices are vulnerable to a critical OpenSSL bug: (2022-10-28)

https://invidious.tiekoetter.com/watch?v=ffx5IL1l4CA

OpenSSL v3.0.7 which contains the bugfixes for the critical security bug(s) will be released on 2022-11-01.

You can check if you're vulnerable by typing "openssl version" in Unix. If the answer is 3.x something, then there's an issue. 1.x, 2.x, etc. are supposedly fine for now.

OpenBSD which uses LibreSSL is also fine.

https://www.helpnetsecurity.com/2022/10/26/openssl-3-0-7-vulnerability-critical-fix/ - Incoming OpenSSL critical fix: Organizations, users, get ready! (2022-10-26)

Any internet-facing services using OpenSSL 3.x should probably look into the issue.
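An added example, not part of the original post: a shell function (the name `classify_openssl_version` is hypothetical) that applies the check described above to one line of `openssl version` output. It uses the thread's thresholds (3.0.7 carries the fix, 1.x and LibreSSL are fine) and handles the case where LibreSSL itself reports a 3.x version number, which a bare "starts with 3" match would misclassify.

```shell
#!/bin/sh
# Added example (not from the thread). Thresholds follow the post above:
# OpenSSL 3.0.0-3.0.6 need the 3.0.7 update; 1.x and LibreSSL do not.
# Usage: classify_openssl_version "$(openssl version)"
classify_openssl_version() {
    line=$1
    case $line in
        LibreSSL\ *) echo "not-affected (LibreSSL)"; return 0 ;;
        OpenSSL\ *) ;;
        *) echo "unknown"; return 2 ;;
    esac
    ver=${line#OpenSSL }        # drop the product name
    ver=${ver%% *}              # keep the version token, drop the build date
    case $ver in
        *.*) ;;
        *) echo "unknown"; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}     # letter releases: "1n" -> "1"
    patch=${patch:-0}
    for n in "$major" "$minor"; do
        case $n in
            ''|*[!0-9]*) echo "unknown"; return 2 ;;
        esac
    done
    if [ "$major" -lt 3 ]; then
        echo "not-affected (pre-3.0 branch)"
        return 0
    fi
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo "affected (update to 3.0.7 or later)"
        return 1
    fi
    echo "fixed"
    return 0
}
```

The `openssl` command only reports the library it is linked against; applications that bundle their own copy of OpenSSL have to be checked separately.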

 


Post by kaos »


Is there a reason for not switching to LibreSSL?

I only played around a little bit with LibreSSL, but I found it to be simple to use. Maybe it does not support exactly all the features of OpenSSL, but if you can decide between having all the features and having security, for a security library... why are people not switching?

Do people even use all the features of OpenSSL? I think not.. LibreSSL should be completely 100% compatible.


Post by neutrino »


OpenSSL is included by default in many OSes. So it requires some work to switch it out.. i.e. inertia.

Perhaps kind of similar to why people continue with Microsoft products despite knowing they're buggy by a factor of 10x at least and will spy on you.

 
