Recently, there have been a number of vulnerabilities revealed in certain versions of the OpenSSL library. As of June 2014, we have updated our version of OpenSSL to 1.0.1h, which secures us and you against the vulnerabilities. The vulnerabilities that were fixed by the upgrade to 1.01h are listed below:
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- DTLS invalid fragment vulnerability (CVE-2014-0195)
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-019)
- SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
- Anonymous ECDH denial of service (CVE-2014-3470)
At this time, there are no reported vulnerabilities with this version of OpenSSL.