Skip to content

Releases: openssl/openssl

OpenSSL 3.4.1

11 Feb 14:46
Compare
Choose a tag to compare

OpenSSL 3.4.1 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

OpenSSL 3.3.3

11 Feb 14:49
Compare
Choose a tag to compare

OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

OpenSSL 3.2.4

11 Feb 14:52
Compare
Choose a tag to compare

OpenSSL 3.2.4 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

OpenSSL 3.1.8

11 Feb 14:52
Compare
Choose a tag to compare

OpenSSL 3.1.8 is a security patch release. The most severe CVE fixed in this release is Low.

This release incorporates the following bug fixes and mitigations:

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

OpenSSL 3.0.16

11 Feb 14:53
Compare
Choose a tag to compare

OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this release is Low.

This release incorporates the following bug fixes and mitigations:

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

OpenSSL 3.4.0

22 Oct 12:40
Compare
Choose a tag to compare

OpenSSL 3.4.0 has been released. You can find more details about this release in the release notes.

OpenSSL 3.4.0-beta1

07 Oct 13:53
@t8m t8m
Compare
Choose a tag to compare
OpenSSL 3.4.0-beta1 Pre-release
Pre-release

Beta 1 of OpenSSL 3.4.0 is now available: please download and test it!

OpenSSL 3.4.0-alpha1

05 Sep 12:18
@t8m t8m
Compare
Choose a tag to compare
OpenSSL 3.4.0-alpha1 Pre-release
Pre-release

Alpha 1 of OpenSSL 3.4.0 is now available: please download and test it.

OpenSSL 3.3.2

03 Sep 14:04
@t8m t8m
Compare
Choose a tag to compare

OpenSSL 3.3.2 is now available, including bug and security fixes: please download and upgrade!

OpenSSL 3.2.3

03 Sep 14:04
@t8m t8m
Compare
Choose a tag to compare

OpenSSL 3.2.3 is now available, including bug and security fixes: please download and upgrade!