Embed SSL and TLS protocols support into your great projects

OpenSSL 1.1.1j

February, 17th 2021 - 9.4 MB - Freeware

Free Download

Security Status

Latest Version

OpenSSL 3.3.0
Operating System

Mac OS X
User Rating

Click to vote
Author / Product

OpenSSL Software Foundation / External Link
Filename

openssl-1.1.1j.tar.gz

Sometimes latest versions of the software can cause issues when installed on older devices or devices running an older version of the operating system. Software makers usually fix these issues but it can take them some time. What you can do in the meantime is to download and install an older version of OpenSSL 1.1.1j.

For those interested in downloading the most recent release of OpenSSL for Mac or reading our review, simply click here.

All old versions distributed on our website are completely virus-free and available for download at no cost.

We would love to hear from you

If you have any questions or ideas that you want to share with us - head over to our Contact page and let us know. We value your feedback!

Download OpenSSL 1.1.1j

OpenSSL 1.1.1j Screenshots

The images below have been resized. Click on them to view the screenshots in full size.

What's new in this version:

- Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.
- Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. This is considered a bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is CVE-2021-23839.
- Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash.
- Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned.