Date: Fri, 26 Mar 2021 07:00:00 GMT
<p>On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact.</p> <ul> <li>OpenSSL two major vulnerabilities 0:00</li> <li>why OpenSSL 1:00</li> <li>Bug 1 - Renegotiating TLS 1.2 (CVE-2021-3449) 3:50</li> <li>Bug 2 - Cert verification bypass (CVE-2021-3450) 8:42</li> <li>Update to OpenSSL 1.1.1k 12:30</li> </ul> <p>Resources</p> <p><a href="https://www.openssl.org/news/vulnerabilities.html">https://www.openssl.org/news/vulnerabilities.html</a></p> <p><a href="https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/">https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/</a></p>