After the Heartbleed bug in 2014 showed how widely used OpenSSL was — practically all of the internet scrambled to patch applications — the project team committed to reworking and improving the popular open source encryption package. The resulting work, OpenSSL 1.1, is a dramatic restructuring of the encryption software and appears to be a significant improvement over the current version.
Yet the extensive code rework means OpenSSL 1.1, currently in beta testing, faces a significant adoption challenge after its public release: The cryptographic module for OpenSSL 1.1 is currently not FIPS-140-2 validated, which means government agencies will not be allowed to use the new version.
To read this article in full or to leave a comment, please click here