In association with heise online

02 April 2009, 13:47

OpenSSL 1.0.0 beta1 published

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Although the version number and date might suggest this was an April Fool's joke, it is not. The OpenSSL developers have released version 1.0.0 (beta1) and are looking for users to test it. After more than ten years, this is the first release to have a number 1 at the start of the version number. The developers have in the past been very conservative with their version numbers resulting for example, in recent versions 0.9.8i and 0.9.8k.

The list of modifications and enhancements is, at first sight, extensive, but not ground breaking. For example, it is no longer necessary at the command line to indicate whether a registered algorithm acts as a cipher or a digest; it is sufficient to say just openssl sha256 example.txt.

The OpenSSL developers tend to prioritise stability and reliability which is probably why OpenSSL is the world's most widely used implementation of SSL/TLS protocol. It offers a number of cryptographic functions and methods for certificate management – even the Conficker C worm uses encryption functions from the OpenSSL library.

There have only been two occasions in the last seven years when major problems have appeared with OpenSSL. In mid 2002 buffer overflows in clients and servers were exploited to break into systems and a year ago there was an error on Debian systems which lead to weak private keys. In the latter case, a faulty patch from Debian was found to be the cause, but in the wake of the problem, many web server operators were compelled to exchange their SSL certificates.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit