R16.3v10: An Important Security Change

Today we’ve released the latest version of R16.3, R16.3v10.

This release, and all subsequent updates include OpenSSL 1.0.1s or later in order to address the OpenSSL Security Advisory described here.

This version of OpenSSL removes the availability of all unrestricted cipher suites. This means all ciphers of 56 bits or less have been removed from this release. In practice this means that if you wish to use TLS, you will need an export-controlled High Grade Encryption (HGE) license from Isode. These licenses are subject to export control.

Please read the page on Transport Layer Security for a further description of HGE.

If you wish to continue using TLS and your license does not currently include HGE, or if you are unsure, please contact license@isode.com for further details. You should obtain the new license file prior to installing the new version.

An update has been issued for the R16.2 branch (R16.2v21) to address this security advisory, releases for all other supported branches will be issued over the next week and announced on our twitter feed using #release.

Leave a Reply

Your email address will not be published.