Info regarding OpenSSL 3 - Not used in Certify The Web

The OpenSSL project has recently announced a vulnerability in their certificate parsing code for OpenSSL 3.x which can cause denial of service or code execution on affected processes: /news/vulnerabilities.html

We have had a couple of enquiries regarding how Certify The Web might be affected. Certify The Web does not currently use the OpenSSL libraries for any functionality and is not affected by this vulnerability.

Like many .NET-based applications, Certify The Web makes use of the built-in certificate parsing tools available in the .NET framework, which in part rely on operating system components, and on Windows these are not based on OpenSSL. We also use the .NET version of the BouncyCastle library, which in turn also does not use OpenSSL.

Regarding certificates you have created using Certify The Web, the vulnerability affects specially crafted certificates designed to trigger the vulnerability, so your existing certificates are not affected.

https://www.feistyduck.com/bulletproof-tls-newsletter/issue_94_openssl_fixes_buffer_overflows_in_certificate_parsing
