OpenSSL gets patched for a problem that probably doesn't effect you

A new vulnerability has been found in OpenSSL, but this time it isn't so large, and has already been patched.

Published Sun, Jan 31 2016 8:27 AM CST   |   Updated Tue, Nov 3 2020 12:01 PM CST

The OpenSSL project has found, and patched, an issue that was fairly serious though it likely didn't effect very many people, or businesses for that matter.

OpenSSL gets patched for a problem that probably doesn't effect you |

The problem seems to have stemmed around how the open-source implementation of SSL and TLS reuses prime numbers while the Diffie-Hellman key-exchange protocol is used, making it far easier for a would-be attacker to decrypt your information. The good news is that in order for that to happen, a particular setting has to physically be set on, because it's not on by default.

Even better is that in order to have enough information to actually crack the encryption, there the attacker would have to connect (and reconnect via separate handshakes) several times. So it's not something that's of too much concern, certainly not at the same level of the Heartbleed vulnerability of 2014.

OpenSSL has been under scrutiny since the debacle of 2014 and an internal audit of the source code has been underway to find and patch bugs precisely like this one. So this is a good sign that the team looking into OpenSSL is hard at work. The patched version is 1.0.1f and 1.0.1r.

But again, this likely doesn't effect the majority of users of the software anyway.


Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PC’s. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles