sueden.social

Guardian Project<a href="https://social.librem.one/tags/DEfO" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEfO</a> has completed <a href="https://social.librem.one/tags/ECH" class="mention hashtag" rel="nofollow noopener" target="_blank">#ECH</a> implementation for <a href="https://social.librem.one/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> and there is a pull request:<a href="https://github.com/nginx/nginx/pull/840" rel="nofollow noopener" target="_blank">https://github.com/nginx/nginx/pull/840</a>If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.<a href="https://social.librem.one/tags/EncryptedClientHello" class="mention hashtag" rel="nofollow noopener" target="_blank">#EncryptedClientHello</a> <a href="https://social.librem.one/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> <a href="https://social.librem.one/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>

daniel:// stenberg://Is there any reason we should keep support for <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> < v3 in <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#curl</a> ?<a href="https://curl.se/mail/lib-2025-08/0035.html" rel="nofollow noopener" translate="no" target="_blank">https://curl.se/mail/lib-2025-08/0035.html</a>

openSUSE LinuxSecurity & tooling got stronger too! <a href="https://fosstodon.org/tags/vim" class="mention hashtag" rel="nofollow noopener" target="_blank">#vim</a> 9.1.1508 now supports <a href="https://fosstodon.org/tags/Wayland" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wayland</a> clipboard & new language syntax, <a href="https://fosstodon.org/tags/myrlyn" class="mention hashtag" rel="nofollow noopener" target="_blank">#myrlyn</a> 0.9.7 improves sudo env handling, and key fixes landed in bind, <a href="https://fosstodon.org/tags/sudo" class="mention hashtag" rel="nofollow noopener" target="_blank">#sudo</a>, php8, <a href="https://fosstodon.org/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>, libxml2, git & more. <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tumbleweed</a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://news.opensuse.org/2025/08/01/tw-monthly-update-july/" rel="nofollow noopener" translate="no" target="_blank">https://news.opensuse.org/2025/08/01/tw-monthly-update-july/</a>

Kevin Karhan :verified:<a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener" target="_blank">@froge</a> that's a question I'd like to ask <a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@mozilla_support</a> ...<ul><li>My assumption is that <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mozilla</a>'s <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSS</a> not only supports a shitton of architectures with specific, custom code but also includes the <a href="https://infosec.space/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#certificates</a> to trust per default, and those are thousands of CAs with potentially dozens of certificates each...</li></ul>AFAIK <a href="https://infosec.space/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> doesn't ship with any certificates at all...

NickSome interesting vulnerabilities were patched and <a href="https://infosec.exchange/tags/apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#apache2</a> has released Apache/2.4.65.<a href="https://infosec.exchange/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> <a href="https://infosec.exchange/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

ClemensAnother commit landed in <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>: <a href="https://github.com/openssl/openssl/commit/6b93db7bfd572e81fac581c5be7b0d7509febb80" rel="nofollow noopener" translate="no" target="_blank">https://github.com/openssl/openssl/commit/6b93db7bfd572e81fac581c5be7b0d7509febb80</a>This time, it's a drive-by thing inspired by <a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@jwildeboer</a> who's working on S/MIME X.509 certificates: the X.509 standards renamed one of the bits in the keyUsage extension from `nonRepudiation` to `contentCommitment`, and OpenSSL only understood the old name.Slowly improving the world one commit at a time.

Timo J<a href="https://rattodon.nexus/@rolenthedeep" class="u-url mention" rel="nofollow noopener" target="_blank">@rolenthedeep</a> I guess I’m in the 1% who doesn’t care what <a href="https://mastodon.online/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a> does from a UX perspective but would prefer it did a better job keeping <a href="https://mastodon.online/tags/libcurl" class="mention hashtag" rel="nofollow noopener" target="_blank">#libcurl</a>, <a href="https://mastodon.online/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a>, and other core libraries up to date.

Richard Levitte<a href="https://mastodon.sl/@afink" class="u-url mention" rel="nofollow noopener" target="_blank">@afink</a> <a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@bagder</a> <a href="https://mastodon.nu/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> has some migration guides, are those functions not included in there? Which two?

daniel:// stenberg://I nominate <a href="https://docs.openssl.org/3.3/man3/d2i_X509/" rel="nofollow noopener" translate="no" target="_blank">https://docs.openssl.org/3.3/man3/d2i_X509/</a> as <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>'s worst man page. And there's fierce competition for that award.And in the end it does not even mention the weird behavior: it stores errors in an internal queue which mysteriously makes the *next* invoked function fail...

Nicola Tuveri<a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> 📢 -- OpenSSL Foundation endorses UN Open Source Principles🔗 <a href="https://openssl-foundation.org/post/2025-08-07-un-open-source-principles/?utm_source=atom_feed" rel="nofollow noopener" translate="no" target="_blank">https://openssl-foundation.org/post/2025-08-07-un-open-source-principles/?utm_source=atom_feed</a>From <a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> -- Blog on OpenSSL Foundation

PhreakByteI can confirm, <a href="https://infosec.exchange/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a> team doesn't just merge new features 😆

ClemensImproving the world, one PR at a time: <a href="https://github.com/smallstep/crypto/pull/811" rel="nofollow noopener" translate="no" target="_blank">https://github.com/smallstep/crypto/pull/811</a>The next release of <a href="https://chaos.social/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#smallstep</a> step-ca will accept the old name "nonRepudiation" in the X.509v3 keyUsage extension as a UX improvement for users coming from, e.g., <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>.Inspired by <a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@jwildeboer</a>: <a href="https://social.wildeboer.net/@jwildeboer/114964280013823176" rel="nofollow noopener" translate="no" target="_blank">https://social.wildeboer.net/@jwildeboer/114964280013823176</a> This stuff is hard enough without such pitfalls, no need to make it more complicated by green bikesheds, er, naming discussions.<a href="https://chaos.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a>

Clemens'We are pleased to inform you that we accept your proposal “<a href="https://chaos.social/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedHat</a>'s path to post-quantum cryptography with OpenSSL” for the <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> Conference'Looks like I'm going to Prague in October!

MynacolAnd for some more context: Did you know <a class="hashtag" href="https://social.mynacol.xyz/tag/openssl" rel="nofollow noopener" target="_blank">#openssl</a> 3.x is quite poor in its performance? <a href="https://www.haproxy.com/blog/state-of-ssl-stacks" rel="nofollow noopener" target="_blank">https://www.haproxy.com/blog/state-of-ssl-stacks</a>

MynacolI finally tried to replace <a class="hashtag" href="https://social.mynacol.xyz/tag/openssl" rel="nofollow noopener" target="_blank">#openssl</a> with <a class="hashtag" href="https://social.mynacol.xyz/tag/aws" rel="nofollow noopener" target="_blank">#aws</a>-lc on some of my services. Unfortunately, <a class="hashtag" href="https://social.mynacol.xyz/tag/nginx" rel="nofollow noopener" target="_blank">#nginx</a> and <a class="hashtag" href="https://social.mynacol.xyz/tag/mosquitto" rel="nofollow noopener" target="_blank">#mosquitto</a> lack support for it. Instead, I successfully switched <a class="hashtag" href="https://social.mynacol.xyz/tag/bind" rel="nofollow noopener" target="_blank">#BIND</a> to use aws-lc.I later also noticed that the <a class="hashtag" href="https://social.mynacol.xyz/tag/rustls" rel="nofollow noopener" target="_blank">#rustls</a> compatibility shim is in nixpkgs 25.05, but here BIND is missing some variables. And despite the wrapper being explicitly made for nginx, it also fails here with<pre><code>/nix/store/mkvc0lnnpmi604rqsjdlv1pmhr638nbd-binutils-2.44/bin/ld: objs/src/stream/ngx_stream_ssl_module.o: in function `ngx_stream_ssl_servername': /build/nginx-1.28.0/src/stream/ngx_stream_ssl_module.c:606:(.text+0xd59): undefined reference to `SSL_SESSION_get0_hostname' </code></pre>A shame. I wanted to change to more modern libraries.Untested: <a class="hashtag" href="https://social.mynacol.xyz/tag/dovecot" rel="nofollow noopener" target="_blank">#dovecot</a> and <a class="hashtag" href="https://social.mynacol.xyz/tag/postfix" rel="nofollow noopener" target="_blank">#postfix</a> (they lack a <code>services.(dovecot2|postfix).package</code> variable to easily change the used package. A PR for dovecot is already open to add support for it.

testssl.sh :verified:testssl.sh makes it easier now for also for MacOS users to run a <a href="https://infosec.exchange/tags/QUIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#QUIC</a> protocol test -- if you have <a href="https://infosec.exchange/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a> from e.g. <a href="https://infosec.exchange/tags/homebrew" class="mention hashtag" rel="nofollow noopener" target="_blank">#homebrew</a> installed.It automagically uses that one for testing QUIC then, in 3.3dev.

DanielVersion 5.21 of the open source encryption protocol AmiSSL has been released for AmigaOS 3 and 4, which is now based on the latest version 3.5.1 (2025/07/01) of OpenSSL. <a href="https://www.amiga-news.de/en/news/AN-2025-07-00003-EN.html" rel="nofollow noopener" translate="no" target="_blank">https://www.amiga-news.de/en/news/AN-2025-07-00003-EN.html</a><a href="https://fosstodon.org/tags/Amiga" class="mention hashtag" rel="nofollow noopener" target="_blank">#Amiga</a> <a href="https://fosstodon.org/tags/AmigaOS3" class="mention hashtag" rel="nofollow noopener" target="_blank">#AmigaOS3</a> <a href="https://fosstodon.org/tags/AmigaOS4" class="mention hashtag" rel="nofollow noopener" target="_blank">#AmigaOS4</a> <a href="https://fosstodon.org/tags/AmiSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#AmiSSL</a> <a href="https://fosstodon.org/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>

Richard Levitte<a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener" target="_blank">@Viss</a> <a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@bagder</a> For some, it seems to work. My experience of bug bounties (through <a href="https://mastodon.nu/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a>) has mostly been slop, even before AI entered the scene. <a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@bagder</a> has had a better experience, it seems.

Christoff, the humanDecided to not use <a href="https://oldbytes.space/tags/libev" class="mention hashtag" rel="nofollow noopener" target="_blank">#libev</a> and use <a href="https://oldbytes.space/tags/libevent" class="mention hashtag" rel="nofollow noopener" target="_blank">#libevent</a> instead for socket/timer/event loop/callback system. Other than I trust it more, I like the baked in <a href="https://oldbytes.space/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a> support (will use for <a href="https://oldbytes.space/tags/telnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#telnet</a>+tls later).Additionally, going to try out sqlcipher (<a href="https://oldbytes.space/tags/sqlite3" class="mention hashtag" rel="nofollow noopener" target="_blank">#sqlite3</a> + AES encryption baked in) for data storage. Everything will be stored in a sqlite3 database.Using cmake and pkg-config, <a href="https://oldbytes.space/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a>, sqlite3 (sqlcipher), libevent, and openssl. Decided to just focus on developing the software on KDE neon distro (Ubuntu LTS) and worry about other OSes later. I spent too much time worrying about ease of build/install instructions for other operating systems instead of just deciding and moving forward.<a href="https://oldbytes.space/tags/BBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#BBS</a> <a href="https://oldbytes.space/tags/NecroNeonBBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NecroNeonBBS</a> <a href="https://oldbytes.space/tags/Vaporware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vaporware</a>

Felix Palmen :freebsd: :c64:Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a> 0.12 🥂swad is the "Simple Web Authentication Daemon". It basically offers adding form + <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#cookie</a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> to your reverse proxy (designed for and tested with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> "auth_request"). I created it mainly to defend against <a href="https://mastodon.bsd.cafe/tags/malicious_bots" class="mention hashtag" rel="nofollow noopener" target="_blank">#malicious_bots</a>, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same <a href="https://mastodon.bsd.cafe/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#crypto</a> <a href="https://mastodon.bsd.cafe/tags/challenge" class="mention hashtag" rel="nofollow noopener" target="_blank">#challenge</a> known from <a href="https://mastodon.bsd.cafe/tags/Anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anubis</a>.swad is written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a> with minimal dependencies (<a href="https://mastodon.bsd.cafe/tags/zlib" class="mention hashtag" rel="nofollow noopener" target="_blank">#zlib</a>, <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> or compatible, and optionally <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#PAM</a>), and designed to work on any <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a> system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.Read more about it, download the .tar.xz, build and install it .... here:<a href="https://github.com/Zirias/swad" rel="nofollow noopener" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#openssl