Cloud Blog

Category Archives: API Cloud

“High” severity security vulnerabilities in OpenSSL

WSO2 Cloud Services are not affected by this vulnerability, however systems administrators are highly advised to update the OpenSSL version.

OpenSSL is one of the most widely used implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cryptographic protocols. It’s being used widely on many internet-facing devices, including two thirds of all web servers. On 9th July, OpenSSL released a security patch to fix a new vulnerability discovered in versions 1.0.2 and 1.0.1.

“During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and ‘issue’ an invalid certificate.”

 - OpenSSL Security Advisory [9 Jul 2015]

The vulnerability appears to exist only in OpenSSL versions released in June 2015 and later. Because of this, the vulnerability only affects a limited set of OpenSSL versions: 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

Red Hat, CentOS, Debian, and Ubuntu have released notices stating that their distributions are not affected by this vulnerability as they were not using the latest version of OpenSSL.

How to make sure that your systems are not vulnerable?

If you are using any affected version, you should update your OpenSSL instance to a version as mentioned below.

  • OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
  • OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

Note: The bug does not affect OpenSSL versions 1.0.0 and 0.9.8.

WSO2 Clouds: Private, Managed, Public

Hello, World! This is the inaugural post in our new WSO2 Cloud blog. We will be covering the news and updates from the Cloud team at WSO2.

When we talk about Cloud at WSO2 we talk about the WSO2 platform used in one of 3 scenarios.

WSO2 Cloud modalities

Private Cloud has been historically the first one for WSO2.

WSO2 was the original creator (and is now one of the main contributors) to Apache Stratos PaaS (and is still supporting it commercially under the name of WSO2 Private PaaS) and has WSO2 App Factory PaaS that can run on top of it giving comprehensive developer experience with full lifecycle management, cloud IDE, teamwork, and so on.

In addition to that, the whole WSO2 integration platform stack plugs into the PaaS, giving complete cloud platform with:

  • Identity federation and management,
  • API management,
  • Integration,
  • Device management,
  • Application management
  • Data analytics (real-time and batch).

This makes it possible for some of the biggest companies in the world to deliver complex functionality for their employees, partners, and customers.

For example, watch this talk by Boeing on how they used WSO2 stack to implement their Boeing Edge platform that collects data from airplanes, analyses it, and then exposes to customers (airlines) in combination with supply chain systems for proper airplane servicing, ordering replacement parts, and so on.

Boeing Edge talk on WSO2 technology used by the company

Managed Cloud is not a software product really but a dedicated hosting option that we offer to our enterprise customers.

If you want to use any combination of WSO2 products, but do not want to maintain that deployment – our operations team is happy to do this for you:

  • Available for any combination of WSO2 products,
  • Run in the region of your choice on dedicated virtual machines not shared with any other customers,
  • WSO2 engineers set up the environment including the virtual machines, WSO2 products, and networking,
  • Can be set up to have network connectivity with your on-premise datacenter,
  • Deployment can be customized for your specific needs,
  • Can be combined with professional services including consultancy, development, and QuickStart,
  • Includes full devops service including 24*7 monitoring, regular backups, and product updates,
  • Priced as a fixed monthly fee,
  • Guaranteed service level and uptime.

Finally, WSO2 Public Cloud is a combination of WSO2 products deployed in shared multitenant mode.

These are shared deployment so the customization options are more limited. However, the pricing is extremely attractive: API Cloud starts at mere $100/month (after a free trial), and App Cloud is in free beta, and all you need to do to start using it is just go to http://wso2.com/cloud and sign up with your email address.

Two services are currently available:

And we keep working on adding more cloud services based on other WSO2 products – so stay tuned!

Categories

Recent Posts

Most Popular Posts