Reworked OpenSSL on track for government validation

Reworked OpenSSL on track for government validation

After the Heartbleed bug in 2014 showed how widely used OpenSSL was — practically all of the internet scrambled to patch applications — the project team committed to reworking and improving the popular open source encryption package. The resulting work, OpenSSL 1.1, is a dramatic restructuring of the encryption software and appears to be a significant improvement over the current version.

Yet the extensive code rework means OpenSSL 1.1, currently in beta testing, faces a significant adoption challenge after its public release: The cryptographic module for OpenSSL 1.1 is currently not FIPS-140-2 validated, which means government agencies will not be allowed to use the new version.

To read this article in full or to leave a comment, please click here

Source: Security


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.