Swift-nio-ssl: OpenSSL security update, February 7 2023

TL;DR: swift-nio-ssl is unaffected.

OpenSSL has published a security advisory that discloses a High severity security issue that partially affects BoringSSL, CVE-2023-0286. This issue only affects BoringSSL users that enable CRL checking, by setting X509_V_FLAG_CRL_CHECK.

swift-nio-ssl does not and has never set this flag, so it is unaffected. No action is required.

5 Likes