OpenSSL updates for 1.0.2 and 1.0.1
My updates have been available on the Fulgan Mirror since January 28th, 2016. If I don’t have the time to publish a blog post, consider checking the mirror using the link given. Our mirror is updated once a day, so the updates should be available for public within 24 hrs after the official OpenSSL announcement.
If you didn’t update yet, please consider updating ASAP.
Recommended Version (1.0.2f) highlighted.
About the Update
This update fixes several issues, one of high severity.
1) High Severity: To make a long story short, not in all situation safe primes where used.
2) Fallback to unsafe / disabled ciphers has been blocked for SSLv2.
3) LogJam projection has been enhanced
See the full advisory here: OpenSSL Security Advisory 20160128
Important End of Lifetime notice
The support for the 0.9.8 and 1.0.0 Branch ceased on 12/31/2015! No further updates and security fixes are made available for those branches. Please use one of the above mentioned branches.
New End of Lifetime notice
Support for the 1.0.1 branch will cease on 12/31/2016, too. Users of the 1.0.1 branch are advised to upgrade within this period.
See the official OpenSSL Release Strategy.
For those interested in the Link Libs and Definitions have a look at the new directory on the mirror where you find the files created while building the above libraries: http://indy.fulgan.com/SSL/LinkLibs/.