You appear to be offline. Some site functionality may not work.

March 19 OpenSSL Security Advisory

By  Daniel McCarney, Security Engineer, March 19, 2015 in Security

Today OpenSSL announced a total of 14 new vulnerabilities in versions 0.9.8, 1.0.0, 1.0.1, and 1.0.2 of the OpenSSL software.

Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global release of the updated software across Fastly’s network. We anticipate no customer impact or configuration changes.

We also encourage you to update to the latest versions of OpenSSL in your own TLS clients and servers.

Thanks to the developers of OpenSSL and the individuals who helped report and coordinate the release of today’s vulnerabilities. Please feel free to contact us with questions or concerns.


You may also like:

Subscribe to our newsletter

Improving visibility into CA operation with Certificate Transparency

If you follow the security news cycle, you may have seen recent discussions about Google detecting a Certificate Authority (CA) in China improperly issuing certificates capable of transparently (that is, without warning) imitating Google...

Addressing the challenges of TLS, revocation, and OCSP

Rotation, expiration, and revocation of secrets are all important concerns that require careful and difficult up-front design. Transport Layer Security (TLS), the protocol underlying secure web traffic (HTTPS), is one of the cryptographic systems with…

TLS at the edge and server-side security

We’re huge fans of Transport Layer Security (TLS) at Fastly. Here’s a behind-the-scenes look at how we do encryption at the edge, which can also serve as overall best practices for handling server-side...


Daniel McCarney | Security Engineer

Daniel McCarney is a security engineer at Fastly, where he tames crypto between falling off of his skateboard.