On August 6, 2014, developers at OpenSSL released new updates resolving nine previously reported security issues categorized with a severity of moderate or less.
This next round of updates to the widely used OpenSSL library, which most servers on the Internet rely on to implement secure SSL/TLS connections, shows that the project is actively promoting stronger security online and is constantly being reviewed for possible improvements in encryption implementation.
The minor updates to the library, 0.9.8zb, 1.0.0n and 1.0.1i, address a number of possible minor issues but do not affect the security of any website using SSL.
No SSL Certificates are affected and administrators can include the new version of OpenSSL in their regular patching and updating process.
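As an added example (not code from the OpenSSL project or from this article), the following Python check compares an installed version against the fixed releases named above, handling OpenSSL's letter suffixes, where `za` and `zb` follow `z`. The function names `parse_version` and `patch_status` are hypothetical, and the input is assumed to be a version string or a banner in the form printed by `openssl version`.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {"0.9.8": "0.9.8zb", "1.0.0": "1.0.0n", "1.0.1": "1.0.1i"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_rank) from a version string or
    a banner such as 'OpenSSL 1.0.1h 5 Jun 2014'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    # Patch letters run a..z, then za, zb, ...; rank them numerically:
    # '' -> 0, 'a' -> 1, 'z' -> 26, 'za' -> 27, 'zb' -> 28.
    rank = sum(ord(ch) - ord("a") + 1 for ch in m.group(4))
    return branch, rank


def patch_status(text):
    """Classify a version as 'patched', 'outdated' or 'unknown-branch'."""
    branch, rank = parse_version(text)
    fixed = FIXED.get(".".join(str(n) for n in branch))
    if fixed is None:
        # Branch not covered by the releases listed in the article.
        return "unknown-branch"
    return "patched" if rank >= parse_version(fixed)[1] else "outdated"


if __name__ == "__main__":
    # Constructed sample banners, in the form printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.1h 5 Jun 2014",
        "OpenSSL 1.0.1i 6 Aug 2014",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0n 6 Aug 2014",
    ]
    for banner in samples:
        print(banner, "->", patch_status(banner))
```

Distribution packages often backport fixes without changing the upstream version string, so an "outdated" result on a vendor build should be confirmed against the vendor's package changelog.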
The updated versions of the OpenSSL software address a number of possible security issues previously reported to the organization. The developers for the project identified these security fixes as moderate to low risk to enterprises that rely on OpenSSL for system security. The fixes include resolving:
Security researcher Ivan Ristic's most recent monthly scan of the top 150,000+ Internet sites’ SSL security settings showed that less than 0.5% of top sites on the Internet are still vulnerable to Heartbleed. As part of the SSL Pulse security monitoring project, Ristic says that Heartbleed updates have been "incredibly fast."
Although some reports state that a large number of sites on the Internet are still vulnerable to Heartbleed, it's important to consider that many of those sites don't deal with sensitive data or have low Internet user traffic, reducing the risk of data breaches.
An active community of devoted researchers and security experts continues to identify possible threat vectors and to work with online software providers and open source developers to enhance software security, especially for projects (like OpenSSL) that are used by a large number of systems, in order to make the Internet a safer place for all users.
The OpenSSL team has continued to make updates to the security library and no major vulnerabilities have been found. The team continues to work on new features and enhancements, along with continually reviewing the existing library for ways that it could be improved.
The next major release, OpenSSL 1.1.0 (release date TBD), will include a number of new features that further increase the reliability of the library.