documentation is included in each OpenSSL distribution under the docs
directory.
+* I need a FIPS validated offering
+
+Please see
+@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer
+involved in private label validations nor adding platforms to the existing
+certificates.
+
* How can I contact the OpenSSL developers?
The README file describes how to submit bug reports and patches to
choice because we already use it in diverse scripts, and it's one of
the most widely spread scripting languages.
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
* How do I check the authenticity of the OpenSSL distribution?
We provide PGP signatures and a variety of digests on each release.
It was decided after the release of OpenSSL 0.9.8y the next version should
be 0.9.8za then 0.9.8zb and so on.
+
+* Do you have a bug bounty program?
+
+The project does not. Google runs a program
+@@@https://www.google.com/about/appsecurity/patch-rewards/@@@; so does
+HackerOne, @@@https://hackerone.com/ibb-openssl@@@. In general, if you
+have found a security issue, send email to openssl-security@openssl.org.
+Please note that we do not consider DNS configurations or Website
+configuration to be security issues.
+
projects / openssl-web.git / blobdiff