What is OpenSSL?
OpenSSL is an open-source library that implements SSL and TLS encryption - it is a component running in the background that provides the encryption behind the “https” you see in an address in your browser.
It is commonly used to generate or manipulate certificates for websites and internally for applications such as Elucidat.
What has been announced regarding OpenSSL vulnerabilities?
Often when a security vulnerability is found in widely used software, a CVE (short for Common Vulnerabilities and Exposures) is made publicly available.
On the 1st November 2022, two CVEs were announced regarding the popular software security component OpenSSL:
Whilst both potentially allow code to be executed remotely on the server that OpenSSL is running on, they are in reality very hard to exploit.
Added to this is the fact that they only affect a small subset of OpenSSL releases - namely versions 3.0.0 through to 3.0.6, which have not seen widespread adoption.
Is Elucidat affected?
No. Elucidat are currently using the 1.1.1 version of OpenSSL, which is unaffected by the two CVEs and still supported by OpenSSL for another year. As such, Elucidat is not affected by these security announcements.
In the meantime, if you have any specific questions or concerns, please feel free to contact us at support@elucidat.com.