Today OpenSSL announced a total of 14 new vulnerabilities in versions 0.9.8, 1.0.0, 1.0.1, and 1.0.2 of the OpenSSL software.
Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global release of the updated software across Fastly’s network. We anticipate no customer impact or configuration changes.
We also encourage you to update to the latest versions of OpenSSL in your own TLS clients and servers.
Thanks to the developers of OpenSSL and the individuals who helped report and coordinate the release of today’s vulnerabilities. Please feel free to contact us with questions or concerns.
You may also like:
Improving visibility into CA operation with Certificate Transparency
If you follow the security news cycle, you may have seen recent discussions about Google detecting a Certificate Authority (CA) in China improperly issuing certificates capable of transparently (that is, without warning) imitating Google...
Addressing the challenges of TLS, revocation, and OCSP
Rotation, expiration, and revocation of secrets are all important concerns that require careful and difficult up-front design. Transport Layer Security (TLS), the protocol underlying secure web traffic (HTTPS), is one of the cryptographic systems with…
TLS at the edge and server-side security
We’re huge fans of Transport Layer Security (TLS) at Fastly. Here’s a behind-the-scenes look at how we do encryption at the edge, which can also serve as overall best practices for handling server-side...