![]() Yet our default install of Windows 11 has a DLL file called libcrypto.dll in its System folder, which is a filename typically associated with OpenSSL. Windows has its own independently developed and maintained encryption library with the wacky name Cryptography API: Next Generation (CNG), so in theory you would not expect to have to worry about OpenSSL on Windows at all. Sadly, there’s no easy answer to that question, because the relationship between Windows and OpenSSL is complicated. Nevertheless, the only sensible advice we can give at this stage is, “Update OpenSSL if you have it.” Where to start?įor SecOps teams and IT staff, that sort of advice makes sense, even if it raises the immediate question, “Where and how to start?”įor everyone else, like Naked Security commenter none, there’s an even more perplexing concern, namely, “I have no idea what I’m supposed to update. The legacy 1.1.1 version is still much more widely used than version 3.0, which reduces the number of servers that these bugs will directly affect.
0 Comments
Leave a Reply. |