OpenSSL Libraries Update Request

AJB4793 Posts: 2 New Member



I hope that you are doing well today.


I would like to provide a suggestion for inclusion with a future update to Freedome. I installed the 1.10.3502.0 update when it became available.


Currently Freedome includes library files from OpenSSL 1.0.1t ( back to 3rd May 2016).

The file names are (both files are 32 bit DLLs) located in the


C:\Program Files (x86)\F-Secure\Freedome\Freedome\1.1 folder:





These 3rd party open source library contain one known high severity vulnerability (CVE-2016-6304) as listed on the following page:


According to the following OpenSSL blog post and security advisory, the 1.0.1 version of OpenSSL has ceased receiving security updates as of December 31st 2016:


The Python Foundation released Python 2.7.12 in June 2016 also updated to OpenSSL 1.0.2h and again in December 2016 to 1.0.2j with Python 2.7.13.


Directory Opus also updated its version of the included OpenSSL libraries to a version after the Heartbleed flaw was resolved (1.0.1g)(dated April 2014) and again in Mach 2015 to version 1.0.2a. They acknowledged that it was not possible to exploit this well-known flaw within their application but patched it simply for thoroughness.


For the above reasons I would hope that you will consider updating this 3rd party library to a newer version and continue to update it as new versions are made available (as the other vendors mentioned above already do).


Thank you for your time. Have a good day.


  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi AJB4793,


    Thanks for your detailed feedback. I will take it to the Freedome team and will keep you posted if there is an input.


  • AJB4793
    AJB4793 Posts: 2 New Member

    Hi Laksh,


    Many thanks for your quick response. I really appreciate you bringing this to the attention of the Freedome team.

This discussion has been closed.
Product & Pricing Info