OpenSSL 1.0.2f, 1.0.1r Security Updates and EOL Announcements

OpenSSL updates for 1.0.2 and 1.0.1

My updates have been available on the Fulgan Mirror since January 28th, 2016. If I don’t have the time to publish a blog post, consider checking the mirror using the link given. Our mirror is updated once a day, so the updates should be available for public within 24 hrs after the official OpenSSL announcement.

If you didn’t update yet, please consider updating ASAP.

Direct Links

http://indy.fulgan.com/SSL/openssl-1.0.2f-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.2f-x64_86-win64.zip

http://indy.fulgan.com/SSL/openssl-1.0.1r-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.1r-x64_86-win64.zip

Recommended Version (1.0.2f) highlighted.

About the Update
This update fixes several issues, one of high severity.
1) High Severity: To make a long story short, not in all situation safe primes where used.
2) Fallback to unsafe / disabled ciphers has been blocked for SSLv2.
3) LogJam projection has been enhanced

See the full advisory here: OpenSSL Security Advisory 20160128

Important End of Lifetime notice
The support for the 0.9.8 and 1.0.0 Branch ceased on 12/31/2015! No further updates and security fixes are made available for those branches. Please use one of the above mentioned branches.

New End of Lifetime notice
Support for the 1.0.1 branch will cease on 12/31/2016, too. Users of the 1.0.1 branch are advised to upgrade within this period.

See the official OpenSSL Release Strategy.

LinkLibs
For those interested in the Link Libs and Definitions have a look at the new directory on the mirror where you find the files created while building the above libraries: http://indy.fulgan.com/SSL/LinkLibs/.

Cheers,
Frederik

Advertisements