OpenSSL 1.0.1k, 1.0.0p and 0.9.8zd

Eight security fixes have been included in the release from January 8th, 2015. All are of low or medium risk: http://openssl.org/news/secadv_20150108.txt

Direct Link for precompiled 1.0.1k DLLs:
http://indy.fulgan.com/SSL/openssl-1.0.1k-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.1k-x64_86-win64.zip

I needed to fix the build process manually, as described here:
https://github.com/openssl/openssl/issues/209
https://github.com/openssl/openssl/commit/56cd7404499669a32126b5fee2ff75a97fea43f7

As the build process is currently broken for versions 0.9.8 and 1.0.0 too, the updates to 0.9.8zd and 1.0.1p are delayed. Issue reported here: https://github.com/openssl/openssl/issues/210. Let me know if 0.9.8 or 1.0.0 branch is urgently required. Otherwise I am likely going to skip those releases and continue with future updates as usual.

Build working again, here are the direct links for the versions 1.0.0p and 0.9.8zd:
http://indy.fulgan.com/SSL/openssl-1.0.0p-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.0p-x64_86-win64.zip
http://indy.fulgan.com/SSL/openssl-0.9.8zd-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-0.9.8zd-x64_86-win64.zip

As a note, The OpenSSL Team recently published an End of Life Announcement for the 0.9.8 branch:

“The OpenSSL Project is today making the following announcement:
Support for version 0.9.8 will cease on 31st December 2015.
No further releases of 0.9.8 will be made after that date. Security fixes only
will be applied to 0.9.8 until then.

So, please take the appropriate steps to upgrade to newer branches, either 1.0.0 or 1.0.1 (recommended).

Cheers,
Frederik

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s