How to find OpenSSL 1.1 instances
On September 11th, the venerable OpenSSL 1.1.1 reached its end of life date.
That means that it will no longer be receiving publicly-available security fixes.
Users without a third-party extended support contract will no longer receive security fixes or updates.
With this end-of-life announcement, no versions of OpenSSL prior to 3.0.0 are publicly supported.
What is OpenSSL?
OpenSSL is a library that implements a large variety of security functionality, including the Transport Layer Security (TLS) cryptographic protocol that underlies most secure protocols on the Internet like HTTPS.
It also provides the cryptographic functionality needed to compute secure hashes, validate certificates, and perform various other critical operations involving cryptography.
(The early versions of TLS were known as the Secure Sockets Layer, hence “SSL” in the name.)
OpenSSL is extremely widely deployed, and is built into or included by default in a large number of operating systems and distributions.
It is present in countless embedded and mobile devices, and is used by the majority of websites on the Internet to secure their traffic.
Despite (or because of) its popularity, numerous vulnerabilities have been discovered in OpenSSL over the years.
Perhaps most famously, the Heartbleed vulnerability, disclosed in 2014, allowed for sensitive memory disclosure.
Are updates available?
OpenSSL 3.0.0 is available and publicly supported until 2026, while OpenSSL 3.1.0 is available and publicly supported until 2025.
A migration guide has been made available to ease upgrades to these new versions.
How do I find older versions of OpenSSL with runZero?
Detecting OpenSSL can be difficult, since it is a library used by countless other software products.
However, runZero’s advanced scanning and fingerprinting is often able to detect the OpenSSL version used by analyzing the telltale features of cryptographic exchanges.
To find services running on your network that use OpenSSL 1.1.1 or earlier, you can use the following query in the runZero asset inventory:
tls.stack:"openssl=1.1"
Results from the above query should be triaged to determine if they require patching or vendor intervention.
As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
