Angus Robertson 526 Posted November 3, 2022 OpenSSL has released new versions of the two supported branches, 3.0.7 and 1.1.1s, Windows binaries are available from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . OpenSSL 3.0.7 fixes two serious security bugs in 3.0.0 and later relating to verifying X509 certificates with email punycode (non-ASCII characters) name constraint checking, that can cause a crash. These bugs can only happen after a certificate chain has been successfully checked, mainly in client applications (or servers that request and verify client certificates) so should not happen with self signed certificates. Another security bug fixed related to using null encryption, which ICS doesn't use. Also, the RIPEMD160 hash no longer requires the legacy provider. OpenSSL 1.1.1s has general bug fixes. Separately YuOpenSSL has released both these versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus 1 1 Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
