mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
#openssl

Richard Levitte:
@Viss @bagder
For some, it seems to work. My experience of bug bounties (through #openssl) has mostly been slop, even before AI entered the scene. @bagder has had a better experience, it seems.

Christoff, the human:
Decided to not use #libev and use #libevent instead for socket/timer/event loop/callback system. Other than I trust it more, I like the baked in #openssl support (will use for #telnet+tls later).

Additionally, going to try out sqlcipher (#sqlite3 + AES encryption baked in) for data storage. Everything will be stored in a sqlite3 database.

Using cmake and pkg-config, #C, sqlite3 (sqlcipher), libevent, and openssl.

Decided to just focus on developing the software on KDE neon distro (Ubuntu LTS) and worry about other OSes later. I spent too much time worrying about ease of build/install instructions for other operating systems instead of just deciding and moving forward.

#BBS #NecroNeonBBS #Vaporware

Felix Palmen :freebsd: :c64::
Just released: #swad 0.12 🥂

swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.

swad is written in pure #C with minimal dependencies (#zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).

This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.

Read more about it, download the .tar.xz, build and install it .... here:

https://github.com/Zirias/swad

daniel:// stenberg://:
Would you say this is an accurate description of (some of the) #OpenSSL forks family tree?

(These are the OpenSSL forks #curl supports.)

Felix Palmen :freebsd: :c64::
Oh boy, I have a lead! And it's NOT related to #TLS. I finally noticed another pattern: #swad only #crashed when running as a #daemon. The daemonizing wasn't the problem, but the default logging configuration attached to it: "fake async", by letting a #threadpool job do the logging.

Forcing THAT even when running in foreground, I can finally reproduce a crash. And I wouldn't be surprised if that was actually the reason for crashing "pretty quickly" with #LibreSSL (and only rarely with #OpenSSL), I mean, something going rogue in your address space can have the weirdest effects.

Nicola Tuveri:
#OpenSSL 📢 -- OpenSSL Foundation is hiring Software Engineer (C Developer)

🔗 https://openssl-library.org/post/2025-06-19-foundation-sw-engineer/?utm_source=atom_feed

From #OpenSSL -- Blog on OpenSSL Library

Felix Palmen :freebsd: :c64::
I need help. First the question: On #FreeBSD, with all ports built with #LibreSSL, can I somehow use the #clang #thread #sanitizer on a binary actually using LibreSSL and get sane output?

What I now observe debugging #swad:

- A version built with #OpenSSL (from base) doesn't crash. At least I tried very hard, really stressing it with #jmeter, to no avail. Built with LibreSSL, it does crash.
- Less relevant: the OpenSSL version also performs slightly better, but needs almost twice the RAM
- The thread sanitizer finds nothing to complain when built with OpenSSL
- It complains a lot with LibreSSL, but the reports look "fishy", e.g. it seems to intercept some OpenSSL API functions (like SHA384_Final)
- It even complains when running with a single-thread event loop.
- I use a single SSL_CTX per listening socket, creating SSL objects from it per connection ... also with multithreading; according to a few sources, this should be supported and safe.
- I can't imagine doing that on a *single* thread could break with LibreSSL, I mean, this would make SSL_CTX pretty much pointless
- I *could* imagine sharing the SSL_CTX with multiple threads to create their SSL objects from *might* not be safe with LibreSSL, but no idea how to verify as long as the thread sanitizer gives me "delusional" output 😳

LibreQoS:
Short stop at @devconf_cz 2025! Always great to meet @toke of #FQ_CoDel (#RFC8290) & #sch_CAKE fame 🙏🛜

Check out his talk “Beware of the #kernel RTNL #mutex”:

https://pretalx.devconf.info/devconf-cz-2025/talk/WQDUDJ/

#OpenSource #defineFUTURE #latency #devconf_cz #LibreQoS #bufferbloat #QoE #FLOSS #jitter #Linux #RedHat #OpenSSL #DevConf #TokeHoilandJorgensen #QoS

PurpleJillybeans :PrideDisk::
:DuckDuckGo: #DuckDuckFedi :

Where could I find docs for historical versions of #OpenSSL? I'm trying to set up a CA for #RetroComputing machines with OpenSSL 0.9.6b, but the little bit of documentation that came with it isn't telling me much. Basically need to create a CA certificate I can put on client machines so that they won't complain about self-signed certs.

daniel:// stenberg://:
"download time is reduced by ~13%" (for #curl)

... by adding some odd #OpenSSL functions we didn't know existed.

https://github.com/curl/curl/pull/17548

Felix Palmen :freebsd: :c64::
More interesting progress trying to make #swad suitable for very busy sites!

I realized that #TLS (both with #OpenSSL and #LibreSSL) is a *major* bottleneck. With TLS enabled, I couldn't cross 3000 requests per second, with somewhat acceptable response times (most below 500ms). Disabling TLS, I could really see the impact of a #lockfree queue as opposed to one protected by a #mutex. With the mutex, up to around 8000 req/s could be reached on the same hardware. And with a lockfree design, that quickly went beyond 10k req/s, but crashed. 😆

So I read some scientific papers 🙈 ... and redesigned a lot (*). And now it finally seems to work. My latest test reached a throughput of almost 25k req/s, with response times below 10ms for most requests! I really didn't expect to see *this* happen. 🤩 Maybe it could do even more, didn't try yet.

Open issue: Can I do something about TLS? There *must* be some way to make it perform at least a *bit* better...

(*) edit: Here's the design I finally used, with a much simplified "dequeue" because the queues in question are guaranteed to have only a single consumer: https://dl.acm.org/doi/10.1145/248052.248106

Kushal Das :python: :tor::
I wrote about #openssl #jdk21 and #pkcs12 #cryptography #debian #fedora https://kushaldas.in/posts/openssl-legacy-and-jdk-21.html
#java

openSUSE Linux:
May’s #Tumbleweed update rolled out #QEMU 10.0 for improved virtualization 🖥️⚡ and #OpenSSL 3.5.0 with post-#quantum #crypto 💡 Security got serious with #CVE fixes 🛡️ #openSUSE https://news.opensuse.org/2025/06/02/tw-monthly-update-may/

// foss.events:
New on // foss.events: OpenSSL Conference on 07-09 October 2025 in Vienna House by Wyndham Diplomat Prague in #Prague, #Czech Republic

Find out more on https://foss.events/2025/10-07-openssl-conference.html

Call for participation is running until 31.05.2025

#foss #floss #freesoftware #opensource #events #europe #openssl

Nicola Tuveri:
#OpenSSL 📢 -- The OpenSSL Corporation and the OpenSSL Foundation Launch Distinguished Contributor Awards with OpenSSL 3.5 Honorees

🔗 https://openssl-corporation.org/post/2025-05-20-3.5-awards/?utm_source=atom_feed

From #OpenSSL -- Blog on OpenSSL Corporation

pfriedma:
Just got to play the game that appears to go

1. OpenSSL announced a low severity issue with NPN (CVE-2024-5535)

2. AI posts about this raise urgency, using language like "critical"

3. A few repos create untested and unverified "exploits" using AI on GitHub

4. Tenable picks up on 2,3 marks as critical with remotely exploitable RCE citing no actual sources (just an ouroboros of machine generated content linking to other machine generated content)

5. Non-vulnerable (AFAIK server code using ALPN) machine gets flagged and we have to do something because other machine told us to

😂

Maybe I'm severely mistaken but as far as I can tell this is really not something that should actually be critical? Right?
#infoSec #OpenSSL

Jiří Eischmann:
A presentation by @mold at #OpenSSL and @openalt crossover in #Brno.

Felix Palmen :freebsd: :c64::
Adding what was missing for intermediate certificates, I had great fun with #OpenSSL #API again. I mean, it never gets old. First test gave me a nice crash of #swad. Because ....

Well, to use a certificate (type X509 *), you call SSL_CTX_use_certificate(). Docs say "On success the reference counter of the x is incremented." (where x means the certificate). Great, so, call X509_free() directly afterwards to ensure this certificate gets destroyed whenever the SSL context gets destroyed.

So, just call the same function again for the intermediate certificates? No ... but there's SSL_CTX_add_extra_chain_cert() which *can* be used multiple times. Nice, call it in a loop as long as I find additional certificates in the cert file, and X509_free() them all directly after adding.

And then observe the crash. Well, it's documented, the manpage for SSL_CTX_add_extra_chain_cert() tells:

"The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application should not free the x509 object."

So, clearly my fault not reading this before. Consistency in API design is so overrated. 🤪

Nicola Tuveri:
#OpenSSL 📢 -- Call for speakers at the inaugural OpenSSL Conference

🔗 https://openssl-foundation.org/post/2025-05-14-call-for-speakers/?utm_source=atom_feed

From #OpenSSL -- Blog on OpenSSL Foundation

Andreas Scherbaum:
Today's random number is 17

Why, you ask? It's 17 years since the #Random Number #Bug in #Debian.

In this bug the seed for the #OpenSSL PRNG was very predictable, resulting, for example, in a very small number of #ssh keys. Plenty of keys had to be re-generated.