The Backend Engineering Show with Hussein Nasser artwork

High severity flaw can crash your WebServer when using OpenSSL - Let us discuss

The Backend Engineering Show with Hussein Nasser

English - March 26, 2021 07:00 - 17 minutes - 12.2 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: When is NodeJS Single Threaded and when is it multi-Threaded?
Next Episode: Researcher bypasses Azure, and Cloudflare Reverse Proxy Security - HTTP/2 Smuggling (h2c)

On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact.

OpenSSL two major vulnerabilities 0:00
why OpenSSL 1:00
Bug 1 - Renegotiating TLS 1.2 (CVE-2021-3449) 3:50
Bug 2 - Cert verification bypass (CVE-2021-3450) 8:42
Update to OpenSSL 1.1.1k 12:30

Resources


https://www.openssl.org/news/vulnerabilities.html


https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/