Tag: OpenSSL

DROWN Vulnerability CVE-2016-0800 in OpenSSL Misses Most NGINX Users

A new OpenSSL vulnerability (CVE-2016-0800), called DROWN, was recently announced. It affects older versions of several widely used server technologies: SSLv2, an old version of the Secure Sockets Layer protocol. Most up‑to‑date websites don’t use Secure Sockets Layer (SSL) at all, having moved to TLS (Transport Layer Security) IIS v7. An older version of Microsoft…

Continue reading ›

Protecting NGINX Against the June 2015 OpenSSL Vulnerability (CVE-2015-1793)

This week, the OpenSSL team announced a new “high‑severity” vulnerability and published full details shortly after. This vulnerability (designated CVE‑2015‑1793) could allow a malicious user to exploit the certificate verification process in OpenSSL, allowing him to impersonate another user or website. For more information, check out this concise analysis and this detailed video overview. How…

Continue reading ›

NGINX and the 5 June 2014 OpenSSL Security Advisory

What is the Impact on NGINX of CVE‑2014‑0224 and Related OpenSSL Vulnerabilities? The OpenSSL project announced fixes to seven security vulnerabilities on 5 June 2014. The details are described in their Security Advisory. The vulnerabilities potentially affect any server application (including NGINX and NGINX Plus) that uses OpenSSL to terminate SSL/TLS traffic. They can be exploited…

Continue reading ›

NGINX and the Heartbleed Vulnerability

Are NGINX and NGINX Plus Vulnerable to the Heartbleed Vulnerability in OpenSSL? The Heartbleed bug (see and the OpenSSL advisory) is a serious vulnerability in the popular OpenSSL cryptographic software library, announced on April 7,  2014. It allows access to up to 64 KB of internal memory in affected servers, which potentially exposes sensitive information including SSL…

Continue reading ›


Download a 30 day free trial and see what you've been missing.

We'll take care of your data.


Got a question for the NGINX team?

< back


No More Tags to display