DigiCert Blog

All posts by: Jason Sabin

About Jason Sabin

DigiCert's Chief Security Officer, Jason Sabin, develops innovative products and features to simplify SaaS-based digital certificate management. Previously he oversaw Novell’s Security Review Board and built their first pen testing teams. He has filed over 50 patents, earning him the “Utah Genius” award.

  1. OpenSSL Patches “HIGH” Security Vulnerability in 1.1.0

    Early this morning, the OpenSSL project team released the security patch 1.1.0e to fix a “HIGH” severity security vulnerability found in OpenSSL 1.1.0. Version 1.0.2 is not affected. However, system admins should patch their 1.1.0 OpenSSL framework immediately. This bug does not affect SSL/TLS certificates. No actions related to SSL/TLS certificate management are required. Encrypt-Then-Mac…


  2. OpenSSL Patches 3 Security Vulnerabilities in OpenSSL 1.1.0

    This morning, the OpenSSL project team released the security patch 1.1.0c for three security vulnerabilities discovered in OpenSSL 1.1.0. This patch fixes one “high severity,” one “moderate severity,” and one “low severity” vulnerability. None of these bugs affect SSL/TLS certificates. No actions related to SSL/TLS certificate management are required. Source code for all the OpenSSL…


  3. OpenSSL Patches “Critical” & “Moderate” Security Vulnerabilities

    Early this morning, the OpenSSL project team released two security patches—1.1.0b and 1.0.2j—for two security vulnerabilities discovered in OpenSSL. These two new patches fix a “critical” severity vulnerability found in version 1.1.0a and a “moderate” severity vulnerability found in version 1.0.2i. Neither of these bugs affects your SSL/TLS Certificates, and no actions are required related…


  4. OpenSSL Patches 14 Security Vulnerabilities

    Early this morning, the OpenSSL project team released three security patches—1.1.0a, 1.0.2i, and 1.0.1u—for 14 security vulnerabilities discovered in OpenSSL. These three new patches fix one “high” severity, one “moderate” severity, and 12 “low” severity vulnerabilities. None of these bugs affect your SSL/TLS Certificates, and no actions are required related to SSL/TLS Certificate management. Source…


  5. Sweet32 Birthday Attack: What You Need to Know

    Today, researchers announced the Sweet32 Birthday attack, which affects the triple-DES cipher. Although the OpenSSL team rated the triple-DES vulnerability as low, they stated “triple-DES should now be considered as ‘bad’ as RC4.” DigiCert security experts as well as other security pros recommend disabling any triple-DES cipher on your servers. The Sweet32 Birthday attack does not affect…