If almost one year ago we were releasing the first results of the security audit performed by of Enable Security over the OpenSIPS 3.2 code, now is the right time for the full disclosure. What was missing? As per the initial post, we hold back all the information about how to reproduce the crashes. Why? … Continue reading OpenSIPS Security Audit, fully disclosed
Tag: Security
Almost an year ago we were boiling the idea of starting a professional security audit over the freshly released OpenSIPS 3.2 . What were the reasons for doing this and how the audit actually took shape, as targets, methodology and deliverables, is described in this original manifest. Of course, nothing would have been possible without … Continue reading OpenSIPS Security Audit, facts and results
Couple of months ago, after exchanging some ideas we Sandro Gauci from Enable Security, we saw as plausible the project of performing a professional Security Audit (PenTests) for OpenSIPS 3.2, with public results and benefits for the whole project and community. So, we embarked in the quest of making that possible, to put together the … Continue reading The OpenSIPS Security Audit is happening
Yes, this is the news - the OpenSIPS major version 3.2, beta release, is out. We build a plan for it, an ambitions plan, trying to cover a lot of items, maybe too many for a single year of work. Still, the community feedback is an essential way to keep us on tracks, when comes … Continue reading OpenSIPS 3.2, here it is!
We all do plans in advance and the most helpful thing here is to know what to expect, what to rely on, what upcoming events are. Well, we want to help all the OpenSIPS'ers and share with you the 2021 calendar for OpenSIPS project, with the most relevant events. OpenSIPS Releases The 3.2 OpenSIPS major … Continue reading OpenSIPS calendar for 2021
For the purpose of providing secure SIP communication over the TLS protocol, OpenSIPS uses the OpenSSL library, the most popular TLS implementation across the Internet. However, integrating OpenSSL with OpenSIPS has posed a series of challenges starting with OpenSSL version 1.1.0, and has caused quite a few bugs and crashes since then, as presented in … Continue reading Exploring SSL/TLS libraries for OpenSIPS 3.2
In order to provide secure SIP communication over TLS connections, OpenSIPS uses the OpenSSL library, probably the most widely used open-source TLS & SSL library across the Internet. The fact that it is so popular and largely used makes it more robust, therefore a great choice to enforce security in a system! That was the … Continue reading The OpenSIPS and OpenSSL journey
You must be logged in to post a comment.