OpenSSL 1.1.1d 軟體資訊交流 Mac

winXmac軟體社群 Mac 開發工具 OpenSSL Software Foundation 免費軟體 Rate 100

OpenSSL for Mac,軟體教學,軟體下載,軟體社群,Windows軟體,Mac軟體

OpenSSL 1.1.1d Mac

可以使用 OpenSSL for Mac 工具在您的項目中實現 TLS 和 SSL 加密協議。這基本上是一個開放源代碼庫,可與多個操作系統兼容,以保護您在線傳輸的數據。

Internet 數據傳輸安全性

SSL 和 TSL 協議通常用於保護在線通信的安全。他們使用身份驗證密鑰和數據加密來做到這一點,從而對重要消息保密。

該軟件為您提供了一種生成安全密鑰和加密數據的可靠方法。這樣,敏感信息可以安全地在線傳輸。 “ C”語言用於開發主庫。甚至還有一個命令行工具,可以讓您訪問可用的每個密碼和算法。


此工具支持多種加密算法。該控制台可用於通過 AES,DES,SHA- 1 或 MD5 生成個人證書和密鑰。該庫還支持使用公共密鑰的密碼學算法,包括 DSA 和 RSA。



總體而言,適用於 macOS 的 OpenSSL 是一個功能強大的實用程序,用於管理和創建各種項目的公共密鑰,私鑰和證書.

還可用:下載適用於 Windows 的 OpenSSL8898892323

檔案版本 OpenSSL 1.1.1d
檔案名稱 openssl-1.1.1d.tar.gz
檔案大小 8.4 MB
系統 Mac OS X
軟體類型 免費軟體
作者 OpenSSL Software Foundation
軟體類型 2019-09-10

What's new in this version:

- Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in theevent of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case.
- A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced.
- If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all
- For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ `EC_GROUP_new_from_ecparameters()`. This prevents bypass of security hardening and performance gains, especially for curves with specialized EC_METHODs. By default, if a key encoded with explicit parameters is loaded and later serialized, the output is still encoded with explicit parameters, even if internally a "named" EC_GROUP is used for computation.
- Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also does some minimal sanity checks on the passed order.
- Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag.
- Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. The seeded state is stored for future library initialisations using a system global shared memory segment. The shared memory identifier can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to the desired value. The default identifier is 114.
- Correct the extended master secret constant on EBCDIC systems. Without this fix TLS connections between an EBCDIC system and a non-EBCDIC system that negotiate EMS will fail. Unfortunately this also means that TLS connections between EBCDIC systems with this fix, and EBCDIC systems without this fix will fail if they negotiate EMS
- Mingw isn't a POSIX environment per se, which means that Windows paths should be used for installation
- Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key
- Significantly reduce secure memory usage by the randomness pools

檔案下載 檔案下載