You are here

OpenSSL 1.0.1k Release: 8 Security Issues Fixed

CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
OpenSSL, DH, Certificate, RSA, SSL, TLS

OpenSSL released a security advisory on 8. January 2015 describing 8 vulnerabilities fixed in the newest release (i.a. 1.0.1k).

No OpenSSL update is required. The vulnerabilities are not relevant for Airlock WAF.


  • CVE-2014-3571, CVE-2015-0206: Affects DTLS protocol which is not used by Airlock WAF.
  • CVE-2014-3569, CVE-2015-0204: Airlock WAF is not affected because the configuration and build options "SSL_OP_EPHEMERAL_RSA" and "no-ssl3" are not used.
  • CVE-2014-3572: Affects only client installations of OpenSSL
  • CVE-2015-0205, CVE-2014-8275, CVE-2014-3570: Low public risk rating. Airlock WAF may only be affected in very rare setups (DH keys signed by CA, Certificate Fingerprint based security checks) and the risk of an exploitation is low.

No action required.

Airlock WAF protects vulnerable OpenSSL back-ends from external attacks by terminating SSL/TLS.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock