Previous
OpenSSL hit by forgery bug
News Security researchers have demonstrated a way to bypass OpenSSL security restrictions by forging certain digital signatures, the OpenSSL project has warned. OpenSSL is used in many security products, secure Web servers and virtual private networks...
[September 22, 2006, 16:20]
OpenSSL shuts attack holes
News The group behind OpenSSL, a widely used open-source Web security program, released two patches for security flaws to block potential denial-of-service attacks, the organisation's developers said on Wednesday.
[March 18, 2004, 7:30]
Sun donates cryptography tech to OpenSSL project
News The Santa Clara, California-based server seller donated the technology to the OpenSSL project, a programming group that makes an open-source version of the Secure Sockets Layer (SSL) encryption system.
[September 20, 2002, 14:32]
Researcher: Debian cryptography may be flawed
News A security researcher has warned that cryptographic keys generated in the last year and a half using Debian OpenSSL may be invalid. According to Moore, a bug in a Debian OpenSSL package was created in 2006 by the removal of a piece of code, which...
[May 16, 2008, 10:34]
FileWard
Downloads FileWard uses the cryptography libraries of OpenSSL to make six industrial strength encryption ciphers available in an easy to use drag and drop application. Based on OpenSSL for robust cryptographic performance.
[May 8, 2009, 15:39]
PuzzlePalace
Downloads By providing a graphic user interface to the system's standard openssl tools, PuzzlePalace allows all Mac OS X users to easily drag and drop encrypted files to and from Mail messages (using Mail.app) or the Desktop.
[March 24, 2001, 7:00]
Open source renders patching a problem
News The overwhelming number of open source Web sites and the widespread use of OpenSSL to secure connections create a tremendous problem when vulnerabilities emerge. For example, in October 2005, the OpenSSL.org Project released a patch to fix a...
[November 17, 2005, 11:10]
Browsers beware: new holes in IE and Flash
News The OpenSSL flaws involve only a denial of service event, which is worrying, but obviously a lesser concern than compromising secure data. Some recently disclosed vulnerabilities in OpenSSL are also detailed in the CERT Advisory CA-2002-23, but...
[August 27, 2002, 12:24]
Attacks increase on Apache servers
News Thus, those running an SSL-enabled server should upgrade to version 0.9.6e or later of OpenSSL and recompile. This is an OpenSSL source problem and doesn't require an Apache upgrade but requires an OpenSSL library update.
[December 11, 2002, 10:59]
Flaws found in BSD, Linux software updaters
News For example, even though known flaws exist in an older version of OpenSSL for Debian, the list of flawed files is still correctly signed. Using this old, signed file list, a malicious mirror can keep a client on the insecure version of OpenSSL by...
[July 14, 2008, 17:08]
High-risk flaws in corporate security revealed
News Open Secure Socket Layer (SSL) certificate parsing vulnerability: Some web servers are using OpenSSL to provide encryption. Some OpenSSL versions are known to contain several vulnerabilities that could allow an attacker to carry out a denial-of...
[June 20, 2008, 8:17]
EzChecksum
Downloads A Cocoa-based GUI wrapper for the /usr/bin/openssl program. Lets you easily validate files via a hash key. Also lets you create a checksum key for a file.
[September 25, 2007, 8:00]
AppleScrypto
Downloads Using this script you can secure delete or encrypt/decrypt a file or folder using srm and openssl (aes-256-cbc) OSX unix tools. Remember: if you encrypt files and remove the originals using secure delete, and then forget the password, there is no...
[March 4, 2008, 7:00]
Govt finds open-source flaws
News The security flaws exist in the OpenSSL Project's version of the secure sockets layer (SSL) software used by Web sites and browsers to cryptographically secure data. The flaws were found when the UK government put the software through rigorous...
[October 2, 2003, 8:35]
Open source renders patching a problem
Talkback All Linux distros I know that use openssl have an automatic update feature. What exactly are you under the impression is missing?
[November 18, 2005, 3:23]
Text Encrypter
Downloads Text Encrypter uses OpenSSL and RC-4 (128-bit) encryption technology, which is the method primarily used on most secure web sites. Text Encrypter is a powerful text encryption program that may be used to encrypt blocks of arbitrary text or files.
[April 1, 2008, 8:00]
PostgreSQL
Downloads This build includes support for JDBC, GNU Readline, ODBC, C++, Multibyte ands OpenSSL. This is the PostgreSQL database server in a convenient Mac OS X package. Some configuration is necessary after installation, please see the instructions at http...
[June 1, 2003, 8:00]
Checksum
Downloads It is a small Cocoa wrapper around the command-line tool "openssl" included in Mac OS X. This small application can calculate checksums for files via a convenient drag-and-drop interface. To use it, just drop a file onto the window.
[July 7, 2009, 7:16]
Creating a Centralized Secure Log Server With syslog-ng and Stunnel
White Papers Each of the reference machines discussed comes installed with OpenSSL, tcp wrappers, the Solaris 8 /dev/urandom patch, and the GNU development environment (gcc, and so on) and several other freeware packages.
[November 1, 2006, 0:00]
Cache-Collision Timing Attacks Against AES
White Papers The attacks presented should be applicable to most high-speed software AES implementations and computing platforms, the authors have implemented them against OpenSSL v.a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines.
[September 7, 2006, 3:18]
