Angus Robertson 577 Posted May 6, 2022 OpenSSL has released new versions of the two supported branches, 3.0.3 and 1.1.1o, Windows binaries are available from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . OpenSSL 3.0.3 fixes a moderate security risk relating to the OCSP_basic_verify function but using an option ICS does not use, a low risk problem with an incorrect MAC key used in the RC4-MD5 cipher suite but which would never be used on modern connections, and a low risk problem with resource leakage when decoding certificates and keys and clients and servers configured to accept client certificate authentication, which might eventually run out of memory. Separately YuOpenSSL has released both these versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus 3 Share this post Link to post