You are using a highly vulnerable version of OpenSSL

Google have sent out emails to developers about the latest security hole in OpenSSL. The text says something like this:

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see


So far, I've worked out OpenSSL 1.0.0a is included in Cocos2dx 2.2.3 extensions.

To see which of your apps have it, download BlueBox's Heartbleed scanner on your phone and run it. The bug Google are talking about isn't Heartbleed but a newer problem, so ignore the scanner telling you that your apps are OK; it will still show which of them use OpenSSL.

If you are using Cocos2dx 2.2x, this seems to fix the problem:

In Android.mk, remove this line:

$(call import-module,extensions)

Rebuild, install on your phone and run the BlueBox scanner again. Your app should no longer appear in the list of apps with OpenSSL.

If you don't use Cocos2dx but want to find what is adding OpenSSL, my advice is to build up an app using whatever components/libraries you use, testing with BlueBox's scanner after adding each component. That is how I found out what was adding it for me.
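A way to run the same check on the build machine instead of on the phone, as an added example that is not part of the original post: scan the native libraries inside the built APK for the version banner that OpenSSL compiles into its binaries. The function names, the sample APK and its library names are constructed for illustration.

```python
import io
import re
import zipfile

# OpenSSL embeds its version banner in the compiled library,
# e.g. b"OpenSSL 1.0.0a 1 Jun 2010".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")


def find_openssl(apk):
    """Return {native library path: sorted OpenSSL versions found in it}.

    `apk` is a path or a binary file object; an APK is a zip archive.
    """
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # Only native code under lib/<abi>/ can carry a bundled OpenSSL.
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = zf.read(name)
            versions = {m.group(1).decode() for m in BANNER.finditer(data)}
            if versions:
                hits[name] = sorted(versions)
    return hits


def build_sample_apk():
    """Constructed sample: an in-memory 'APK' with two fake .so files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi/libgame.so",
                    b"\x7fELF\x00junk\x00OpenSSL 1.0.0a 1 Jun 2010\x00more")
        zf.writestr("lib/armeabi/libother.so", b"\x7fELF\x00no tls here")
        zf.writestr("classes.dex", b"dex\n035\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    # Pass a real APK path as the first argument; otherwise use the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_apk()
    for lib, versions in find_openssl(target).items():
        print(f"{lib}: OpenSSL {', '.join(versions)}")
```

Run it against the APK after adding or removing each component; an empty result means no OpenSSL banner was found in the bundled .so files, and the reported version tells you whether a remaining copy is an old one.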

5 comments:

  1. Thanks for the tip, I'll be sure to try this! I just received the warning email and was a bit worried since my apps are pretty self-contained.

  2. I can't remove "$(call import-module,extensions)"
    because if I do I get:
    "fatal error: cocos-ext.h: no such file..."

    But I need that for things like:
    cocos2d::extension::CCEditBox

    If I run BlueBox's Heartbleed scanner my app shows up,
    but it says:
    vulnerable: no

    Is that OK?

  3. Hi!
    I have projects with Cocos2d-x-JSB 2.2.3 and I can't see this line in Android.mk. I use Google Play Services and MoPub library. Could you give me any hint?
