Bleeping Computer

OpenSSL fixes severe DoS, certificate validation vulnerabilities

Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products. OpenSSL is a commonly used software library for ...
Threat Post

OpenSSL Patches Critical Certificate Validation Vulnerability

A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
eWeek

OpenSSL Patches for ‘Boring’ Certificate Risk

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. The open-source OpenSSL cryptographic library project came ...
Ars Technica

OpenSSL Certificate help

I'm trying to generate a certificate (using the openssl command line tool) that can't actually DO anything - can't sign, can't encrypt. Is this possible? It seems like the purpose of the certificate ...
Ars Technica

Help! openssl self-signed self-issued certificate SNAFU!

Last night, I decided to up the ante and "upgrade" my perfectly working self-signed self-issued SSL certificate from valid for 365 days and (default RSA?) 1024-bit to valid for 4096 days and RSA ...
Threat Post

Certificate Revocations Shoot Up in Wake of OpenSSL Heartbleed Bug

The openSSL heartbleed has led to a huge increase in the number of SSL certificates being revoked, as site owners and hosting providers go through the process of replacing vulnerable certificates. The ...