Downloads

Download OpenSSL 0.9.7f

By admin
Spread the love

OpenSSL, SSL is an abbreviation for Secure Socket Layer, is a well-known security program that offers encryption functions that can be used on web servers, among other things. The development team has made some bug fixes and some functionality changes. The changelog contains the following points:

Changes between 0.9.7e and 0.9.7f:

  • Use (SSL_RANDOM_VALUE – 4) bytes of pseudo random data when generating server and client random values. Previously (SSL_RANDOM_VALUE – sizeof(time_t)) would be used which would result in less random data when sizeof(time_t) > 4 (some 64 bit platforms).
    This change has negligible security impact because:y
  • Server and client random values ​​still have 24 bytes of pseudo random data.
  • Server and client random values ​​are sent in the clear in the initial handshake.
  • The master secret is derived using the premaster secret (48 bytes in size for static RSA ciphersuites) as well as client server and random values.

    • The OpenSSL team would like to thank the UK NISCC for bringing this issue to our attention.
    [Stephen Henson, reported by UK NISCC]

  • Use Windows randomness collection on Cygwin.
    [Ulf Möller]
  • Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD.
    [Darren Tucker via Lutz Jänicke, resolves #1014]
  • Prompt for pass phrases when appropriate for PKCS12 input format.
    [Steve Henson]
  • Back-port of selected performance improvements from development branch, as well as improved support for PowerPC platforms.
    [Andy Polyakov]
  • Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs.
    [Nauticus Networks SSL Team , Steve Henson]
  • Add new -passin argument to dgst.
    [Steve Henson]
  • Perform some character comparisons of different types in X509_NAME_cmp: this is needed for some certificates that reencode DNs into UTF8Strings (in violation of RFC3280) and can’t or wont issue name rollover certificates.
    [Steve Henson]
  • Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side effect always do the following basic checks on extensions, not just when there’s an associated purpose to the check:
    • if there is an unhandled critical extension (unless the user has chosen to ignore this fault)
    • if the path length has been exceeded (if one is set at all)
    • that certain extensions fit the associated purpose (if one has been given)

    [Richard Levitte]

Version number 0.9.7f
Website OpenSSL
Download
file size

2.96MB
License type Conditions (GNU/BSD/etc.)
You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support