Angus Robertson 526 Posted February 8, 2023 OpenSSL has released new versions of the two supported branches, 3.0.8 and 1.1.1t, Windows binaries are available in SVN and the overnight zip file and separately from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp These releases fix several security issues in most versions of OpenSSL, one of which CVE-2023-0286 is rated high relating to processing badly formed X509 certificates and X.400 addresses but can only be exploited if CRL checking is enabled, whereas ICS uses OCSP instead. There are other moderate rated security issues which will mostly just crash the application if exploited. Details of all fixed 3.0 security issues are at https://www.openssl.org/news/vulnerabilities-3.0.html Separately YuOpenSSL has released both these versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus 1 Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
