SM2 fix in 1.1.1l

Michael Wojcik Michael.Wojcik at
Fri Aug 27 12:34:16 UTC 2021

I imagine I could figure this out by reading the source, but does the SM2 fix (the high-severity issue for OpenSSL 1.1.1l) apply to TLS using SMx (RFC 8998), or just to applications that use SM2 directly via the EVP API? It wasn't clear from the announcement, unless I missed something.

We'll be picking up 1.1.1l shortly, but I'd like to be able to clarify the situation for management and customers.

Michael Wojcik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list