MediaWiki API result
This is the HTML representation of the JSON format. HTML is good for debugging, but is unsuitable for application use.
Specify the format parameter to change the output format. To see the non-HTML representation of the JSON format, set format=json.
See the complete documentation, or the API help for more information.
{
"batchcomplete": "",
"continue": {
"gapcontinue": "SECADV_20140605",
"continue": "gapcontinue||"
},
"warnings": {
"main": {
"*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
},
"revisions": {
"*": "Because \"rvslots\" was not specified, a legacy format has been used for the output. This format is deprecated, and in the future the new format will always be used."
}
},
"query": {
"pages": {
"38": {
"pageid": 38,
"ns": 0,
"title": "Related Links",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "Please feel free to edit this page and add your own OpenSSL-based project or product. This is the one place where otherwise extraneous mention of commercial products is appropriate. Note such mention does not constitute endorsement per our [[Commercial Product Disclaimer]].\n\n== Open Source Cryptographic Libraries ==\n\nProducts which are available under some form of Open Source license, and which may also be available under some form of commercial license.\n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Open Source Cryptographic Libraries\n|-\n! scope=\"col\" width=\"150px\" | Library\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| [http://sourceforge.net/projects/amissl/ AmiSSL] || an OpenSSL port to AmigaOS\n|-\n| [http://botan.randombit.net/ Botan] || a C++ cryptography library which includes a TLS implementation\n|-\n| [http://boringssl.googlesource.com/boringssl/ BoringSSL] || a Google fork of OpenSSL ([https://www.imperialviolet.org/2014/06/20/boringssl.html Announcement ]) (Press coverage: [https://news.ycombinator.com/item?id=7922745 ycombinator], [http://arstechnica.com/security/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/ Ars Technica], [http://www.pcworld.com/article/2366440/google-develops-own-boring-version-of-openssl.html PC World], [http://www.zdnet.com/google-takes-openssl-and-turns-it-into-boringssl-7000030796/ ZDNet] )\n|-\n| [http://www.bouncycastle.org/ Bouncy Castle] || cryptography API for Java and C# ([[Wikipedia: Bouncy Castle (cryptography)]])\n|-\n| [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ Cryptlib] || a security toolkit that allows one to easily add encryption and authentication services to software\n|-\n| [http://www.cryptopp.com/ Crypto++] || a free C++ class library of cryptographic schemes\n|-\n| [http://www.gnutls.org/ GnuTLS] || an LGPL-licensed TLS library with substantial documentation\n|-\n| [http://www.libressl.org/ LibreSSL] || an OpenBSD fork of OpenSSL (Press coverage: [http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/ ZDNet], [http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/ Ars Technica])\n|-\n| [http://libtom.org/ LibTomCrypt] || public domain open source crypto library written in C\n|-\n| [http://www.flyn.org/projects/libtlssep/ libtlssep] || A simplified TLS library based on OpenSSL that decomposes socket operations from private key operations by providing two processes\n|-\n| [http://tls.mbed.org/ mbed TLS] || TLS library that handles the complexities of the Secure Sockets Layer (SSL) protocol for applications (formerly PolarSSL)\n|-\n| [http://www.mitls.org/wsgi miTLS] || a verified reference implementation of the TLS protocol. ([http://www.reddit.com/r/netsec/comments/1zn2d3/mitls_a_verified_reference_tls_implementation/ \"reddit: miTLS - A verified reference TLS implementation\"])\n|-\n| [http://nacl.cr.yp.to/ NaCl] || NaCl (pronounced \"salt\") is a easy-to-use high-speed software library for network communication, encryption, decryption, and signatures\n|-\n| [http://www.mozilla.org/projects/security/pki/nss/ NSS] || a set of libraries designed to support cross-platform development of security-enabled client and server applications\n|-\n| [http://pocoproject.org/ Poco] || Modern open source C++ class libraries for building network-based applications that run on desktop, server, mobile and embedded systems. \n|-\n| [http://github.com/awslabs/s2n s2n] || Amazon's open source implementation of the TLS/SSL protocols.\n|-\n| [http://www.ohloh.net/projects/xyssl XySSL] || a C library providing a very small footprint crypto library and SSL implementation.\n|}\n\n== Open Source Products Using OpenSSL ==\n\nProducts which are available under some form of Open Source License, and which may also be available under some form of commercial license.\n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Open Source Products Using OpenSSL\n|-\n! scope=\"col\" width=\"150px\" | Product\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| [http://libevent.org/ libevent] || an event driven library which can [http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html#_bufferevents_and_ssl optionally use OpenSSL]\n|-\n| [http://en.wikipedia.org/wiki/Mod_ssl mod_ssl] || SSL/TLS module for the [http://en.wikipedia.org/wiki/Apache_HTTP_Server Apache HTTP Server]\n|-\n|[https://www.stunnel.org/index.html Stunnel] || an SSL encryption wrapper between remote client and local (inetd-startable) or remote server\n|}\n\n=== Languages libraries/Wrappers relying on openssl ===\n\n* '''libcurl''' http://curl.haxx.se/ which can use openssl\n* '''PHP''' uses libcurl http://php.net/manual/en/intro.curl.php \n* '''Python''' pyOpenSSL https://github.com/pyca/pyopenssl cryptography https://github.com/pyca/cryptography\n* '''Perl''' Perl-Openssl http://sourceforge.net/projects/perl-openssl/\n\n== Closed Source Cryptographic Libraries ==\n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Closed Source Cryptographic Libraries\n|-\n! scope=\"col\" width=\"150px\" | Library\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| [http://www.example.com No Entry] || This is a placeholder\n|}\n\n== Closed Source Products Using OpenSSL ==\n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Closed Source Products Using OpenSSL\n|-\n! scope=\"col\" width=\"150px\" | Product\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| Stonesoft Firewall Appliances [https://www.stonesoft.com/en/customer_care/documentation/appliances/] \n| Stonesoft (now McAfee) Appliances uses openssl as SSL/TLS communication library, license advertised [http://www.stonesoft.com/en/customer_care/support/third_party_licenses.html]\n|-\n| [http://www.example.com No Entry] || This is a placeholder\n|}\n\nEven if this section is empty now, it exist a numerous number of closed source products using OpenSSL.\n\n== Books and Documentation == \n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Books and Documentation\n|-\n! scope=\"col\" width=\"150px\" | Title\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| [https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Comparison of TLS implementations] || Wikipedia article comparing various TLS libraries\n|-\n| [http://www.keylength.com/ keylength.com] || site which summarizes various key length recommendations\n|-\n| [https://www.feistyduck.com/books/openssl-cookbook/ OpenSSL Cookbook] || A free ebook that covers configuration and command-line usage (first\npublished in 2013; continuously updated)\n|-\n| [http://shop.oreilly.com/product/9780596002701.do Network Security with OpenSSL] || O'Reilly book from 2002\n|}\n\n== Testing Resources == \n\n{| class=\"wikitable sortable\" border=\"1\"\n|+ Testing Resources\n|-\n! scope=\"col\" width=\"150px\" | Title\n! scope=\"col\" class=\"unsortable\" | Description\n|-\n| [https://www.tls-o-matic.com/ TLS-O-MATIC] || A set of tests for TLS clients\n|-\n| [https://www.ssllabs.com/ssltest/ SSL Labs server test] || Probes any HTTPS server on the Internet and assigns it a letter grade\n|-\n| [https://www.ssllabs.com/ssltest/viewMyClient.html SSL Labs client test] || Tests the TLS capabilities of your browser\n|-\n| [https://github.com/iSECPartners/tlspretense TLSPretense] || A test framework for testing SSL/TLS client certificate validation\n|-\n| [https://sni.velox.ch/ sni.velox.ch] || Test for Server Name Indication\n|}"
}
]
},
"553": {
"pageid": 553,
"ns": 0,
"title": "SECADV 20140407",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "= SECADV_20140407 =\n\nA missing bounds check in the handling of the TLS heartbeat extension can be\nused to reveal up to 64k of memory to a connected client or server.\n\n{| class=\"wikitable\" border=\"1\"\n|-\n! scope=\"col\" | Date\n! scope=\"col\" | Advisory\n! scope=\"col\" | Description\n! scope=\"col\" | CVE\n! scope=\"col\" | Affected Versions\n! scope=\"col\" | Fixed In Versions\n|-\n| 07-Apr-2014 \n| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] \n| TLS heartbeat read overrun\n| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] \n| OpenSSL-1.0.1a to OpenSSL-1.0.1f\nOpenSSL-1.0.2 betas\n| OpenSSL-1.0.1g \nOpenSSL-1.0.2-beta2\n|}\n\n== Abstract ==\n\nDue to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)\nby sending invalid requests which are incorrectly processed.\n\nThe memory returned may contain sensitive information such as the private key, account names and/or passwords.\n\n== Technical Details ==\n\nEither party in an SSL/TLS channel can request a heartbeat response from the peer. \nThis means a client can send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.\n\n== Solutions and Workarounds ==\n\n:* Upgrade to OpenSSL 1.0.1g. \n:** This is the recommended option from the OpenSSL team.\n:* Rebuild your affected OpenSSL release with the heartbeat feature disabled\n:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS\n:* Block the heartbeat processing in your application code\n:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat\n\n== Detecting Vulnerability ==\n\n:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling\n::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.\n:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich\n::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.\n:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])\n::* Regression / Unit Test Suite\n:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]\n:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] \n::* Standalone Python script to detect if a server is vulnerable. \n\n== References ==\n\n:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]\n:* [https://gist.github.com/epixoip/10570627 '''Cloudflare Challenge Writeup'''] Jeremi M Gosney\n:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]\n:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox\n:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald\n:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]"
}
]
}
}
}
}