OpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications.
OpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information.
OpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm
OpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm
OpenSSL “heartbleed” security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm
By OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm