testssl.sh 
The will be a bigger update on the client simulation soon
- Apple's OS 26.x finally support one #KEM (X25519MLKEM768)
- #OpenSSL >=4.0.0 comes with new curves, some #SM2 related. And with a whopping 27 signature algorithms
YücelTurboQuant Sessiz Çökme Sorunu ve OpenSSL 3 Çözümü
Yerel yapay zeka modellerinde 128K gibi devasa context pencerelerine yelken açmak isterken llama-server.exe'nin hiçbir hata vermeden anında kapanmasıyla karşılaştım. TheTom/llama-cpp-turboquant Windows CUDA 12.4 paketinde unutulan OpenSSL DLL'lerini (STATUS_DLL_NOT_FOUND) ve winget ile LTS sürümünü kurarak bu can sıkıcı problemi kendi sistemimde nasıl çözdüğümü anlattım.
https://yuceltoluyag.github.io/turboquant-sessiz-cokme-cozumu/
Julien RiouDoes anyone know of a ssl-cert template to generate an ECC private key instead of RSA with make-ssl-cert?
https://manpages.debian.org/testing/ssl-cert/make-ssl-cert.8.en.html
Dr. Bruce Simpson@bascule "Made you look". Comparative FFI study this AM. I had reason to examine #PyCA #cryptography after reading @filippo and seeing it used #CFFI, not #Cython, and Rust-ified its underlying #OpenSSL API exposure with #C linkage using #Rust #unsafe blocks. Go figure. I just use #libsodium for most things because it ROCKS.
sayzardNginx.org/En/Changes
Nginx 1.31.0 버전에서 다수의 심각한 보안 취약점(CVE-2026-42926, CVE-2026-42945 등)이 수정되었으며, HTTP/2 및 HTTP/3 프로토콜 관련 보안 강화와 함께 여러 신규 기능(예: ngx_http_tunnel_module 인증 지원, upstream 블록 내 least_time 지시어)도 추가되었다. 이전 버전들(1.29.x)에서도 OpenSSL 4.0 호환성, HTTP/2 지원, 세션 어피니티, ECH(Encrypted ClientHello) 지원 등 AI 서비스 인프라 운영에 중요한 네트워크 및 보안 기능 개선이 포함되어 있다. 이번 릴리스들은 AI 서비스 개발 및 운영 시 Nginx를 사용하는 환경에서 보안과 성능을 크게 향상시킬 수 있는 중요한 업데이트다.
I read OpenSSL for fun and found a nonce leak
OpenSSL 4.0.0의 SLH-DSA 서명 구현에서 랜덤 nonce(주소 랜덤값)를 스택에 남겨두는 치명적이지는 않지만 보안상 취약한 버그가 발견되었다. nonce를 지워야 하는데 조건문 오류로 인해 정상 경로에서는 스택 버퍼를 지우지 않아, 프로세스 크래시 시 코어 덤프, 스왑 파일, 정보 노출 취약점과 연계될 수 있다. ML-DSA 구현과 비교해보면 SLH-DSA 코드가 변수 혼동으로 인해 클렌징 로직이 잘못 작성된 것이 원인이다. 간단한 코드 수정으로 문제를 해결할 수 있으며, FIPS 140-3 준수에도 영향을 미친다.
https://blog.himanshuanand.com/2026/05/i-read-openssl-for-fun-and-found-a-nonce-leak/
I Read OpenSSL for Fun and Found a Nonce Leak
I was poking around the OpenSSL source code recently. Not really hunting for anything specific (one of the most heavily audited codebases), just curious about how the new post-quantum crypto stuff was wired up in version 4.0.0. I went in expecting to find nothing interesting. Instead I tripped over a single-character logic bug that leaks cryptographic randomness onto the stack on every signing call. Quick disclaimer: I am not a crypto person.
Paula Gentle on FriendicaSehr schön, der Fix für #CopyFail und #openssl bei #openWrt ist da. Zack, eine Minute Update, eine Minute Reboot, schon ist die #openWrt-One wieder im Rennen. Auch wenn Privilgieneskalation auf einem solchen System kaum ein Anwendungsfall sein dürfte, aber was soll's...
Der Fix für #DirtyFrag wird sicher zeitnah aufpoppen.
$ ssh root@openwrt-one owut upgrade
ASU-Server https://sysupgrade.openwrt.org
Upstream https://downloads.openwrt.org
Target mediatek/filogic
Profile openwrt_one
Package-arch aarch64_cortex-a53
Version-from 25.12.2 r32802-f505120278 (kernel 6.12.74)
Version-to 25.12.3 r32912-6639b15f62 (kernel 6.12.85)
93 packages are out-of-date
There are 0 missing and 1 modified default packages
Request hash: <xxx>
--
Status: done
Progress: 0s total = 0s in queue + 0s in build
Build succeeded in 0s total = 0s in queue + 0s to build:
Image saved : /tmp/firmware.bin
Installing /tmp/firmware.bin and rebooting...
OpenWrt 25.12.3 - Service Release
Hi, The OpenWrt community is proud to announce the third service release of the OpenWrt 25.12 stable series. Download firmware images using the OpenWrt Firmware Selector: https://firmware-selector.openwrt.org/?version=25.12.3 Download firmware images directly from our download servers: https://downloads.openwrt.org/releases/25.12.3/targets/ Main changes between OpenWrt 25.12.2 and OpenWrt 25.12.3 Only the main changes are listed below. See the full changelog for details. Security fixes ...
Peter CzanikLast week I asked in a blog about #openssl 4 support and experiences:
https://www.syslog-ng.com/community/b/blog/posts/support-for-openssl-4-0
We received a detailed answer, and also a pull request to the #syslog_ng #GitHub repo. Of course, more investigation is needed, but syslog-ng now compiles with openssl 4 🤩
HabrКак шифровать сообщения в любом мессенджере и соцсети
В нынешних условиях многим пользователям приходится по принуждению использовать незащищённые мессенджеры и социальные сети, то есть скомпрометированные каналы связи. К счастью, есть возможность передавать секретные зашифрованные сообщения по публичным открытым каналам. Это стандартная задача, которая давно решена в криптографии. Более того, зашифрованное сообщение можно сделать похожим на обычный текст или даже скрыть в обычном контенте — видео, звуковых файлах и тексте, который не вызовет подозрений у «цензора». Это область стеганографии Но прямо сейчас людям нужен простой и практичный способ шифровать сообщения, максимально удобным способом. Рассмотрим самые простые онлайновые утилиты, которые позволяют это делать.
https://habr.com/ru/companies/globalsign/articles/1030886/
#шифрование #Paranoia_Text_Encryption #LOCKPUB #GCHQ_CyberChef #AES_Utils #GnuPG #OpenSSL #ccrypt #VeraCrypt #Cryptomator
AskUbuntu