
Staying ahead of OpenSSL vulnerabilities

What's this blog post about?

On April 7, 2014, a vulnerability in OpenSSL 1.0.1 (CVE-2014-0160) was announced that can be used to reveal up to 64kB of memory to a connected client or server. CloudFlare fixed the issue before it went public, and all sites using its SSL service were automatically protected. OpenSSL is the core cryptographic library CloudFlare uses for SSL/TLS connections, and it is widely deployed across the internet. CloudFlare encourages others running servers that use OpenSSL to upgrade to version 1.0.1g, or to recompile OpenSSL with the OPENSSL_NO_HEARTBEATS flag enabled, to protect against this vulnerability. The fix is an example of responsible disclosure, in which stakeholders are given a chance to fix an issue before it is publicly disclosed, helping keep the internet safe.

Company
Cloudflare

Date published
April 7, 2014

Author(s)
Nick Sullivan

Word count
281

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.