OpenSSL

Heartbleed is at the heart of controversy today. It is related to OpenSSL. What is OpenSSL, and why is it a popular choice?

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Source: OpenSSL Project

So, OpenSSL is a cryptography library. It makes communication between a browser and a website secure. Data transferred between the browser and the website is encrypted, which prevents eavesdropping and man-in-the-middle attacks.

Now, in version 1.0.1 of OpenSSL, a heartbeat extension was introduced.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

Source: IETF

The Heartbeat extension is the cause of the Heartbleed bug.

Now, why is OpenSSL so popular?

Open Source
While Open Source applications are not always free, most are available at no cost. We will discuss Open Source in more detail tomorrow.

Commercial grade

Commercial grade means the application is made for enterprises, so it is loaded with the full set of features we can expect from similar SSL applications.

Those two are the primary reasons for the popularity of OpenSSL.