Flaws found in OpenSSL encryption module
The Open Source Software Institute has released a patch and a workaround for problems found in the OpenSSL library of encryption algorithms.
The module gave federal users an open-source option for Secure Sockets Layer virtual private networks when it was certified to Federal Information Processing Standard (FIPS) 140-2 under the federal Cryptographic Module Validation Programs (CMVP). Agencies are required to use FIPS-certified cryptographic products to protect sensitive but unclassified data on non-national-security networks. The patches present a dilemma for federal users of the software.
[ Read more ]