nabla-c0d3 / nassl

Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.
GNU Affero General Public License v3.0

fix for CVE-2022-0778 #92

Closed blshkv closed 1 year ago

blshkv commented 2 years ago

https://security.paloaltonetworks.com/CVE-2022-0778

https://github.com/PeterMosmans/openssl/pull/56

nabla-c0d3 commented 1 year ago

Thanks. This will require updating nassl's "modern" OpenSSL to the latest 1.1.1 version. The "legacy" OpenSSL will stay vulnerable tho, as it needs to stay on 1.0.2e for SSLyze to be able to test specific issues.

nabla-c0d3 commented 1 year ago

Fix released as part of v5.0.0.