OpenSSL bug

General Programming

MarkusWinter 7 July 2022 05:43 1

Those using OpenSSL version 3.0 should update to 3.0.5.

Those using OpenSSL version 1.1.1 should update to 1.1.1q.

See OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security

What options are there for those still using older Xojo versions?

MonkeybreadSoftware 7 July 2022 11:06 2

I am recompiling my stuff today with the openssl update.

Tim 7 July 2022 13:41 3

The Crypto module doesn’t offer OCB mode so one of the bugs you don’t have to worry about. The other I don’t know enough about to speak on.

Xojo developer options include:

Developers using exclusively Xojo will have to file a ticket and wait for an update
Developers using plugins that bundle OpenSSL should check for new versions
Developers bundling OpenSSL will have to rebuild it

Hope this helps.

thommcgrath 7 July 2022 14:55 4

Xojo’s Crypto module is built on Crypto++, not OpenSSL. I believe their SSLSocket uses it though. As for updating older versions, you can’t. You’ll need to switch to third-party options, such as MBS.

npalardy 7 July 2022 15:02 5

MBS ?

however if things like postgresql etc use OpenSSL then only Xojo can update those