High severity flaw can crash your WebServer when using OpenSSL - Let us discuss - podcast episode cover

High severity flaw can crash your WebServer when using OpenSSL - Let us discuss

The Backend Engineering Show with Hussein Nasser
Mar 26, 202118 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact.

  • OpenSSL two major vulnerabilities 0:00
  • why OpenSSL 1:00
  • Bug 1 - Renegotiating TLS 1.2 (CVE-2021-3449) 3:50
  • Bug 2 - Cert verification bypass (CVE-2021-3450) 8:42
  • Update to OpenSSL 1.1.1k 12:30

Resources

https://www.openssl.org/news/vulnerabilities.html

https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/

For the best experience, listen in Metacast app for iOS or Android