I wanted to create a thread to get any updates from Corona on the heartbleed exploit found in OpenSSL.
Is Corona SDK on the latest version of OpenSSL?
The OpenSSL team is telling everyone to upgrade to the latest as that fixes the bug.
The bug is detailed here:
http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309
more info here:
http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?_php=true&_type=blogs&hp&_r=0
We have top men working on it right now!
@panc LMAO perfect
HAHAH… That would be SEAN!
We’ve updated everything to use OpenSSL v.1.0.1g (latest fixed version).
I see that today’s daily build (2014.2256) includes the fix. Thanks much for your timely response.
Yes, thanks guys.
I use SSL to encrypt my save file, so at worst hackers can exploit the game save file, which isn’t a major issue for me at the moment.
I’m running Corona SDK 2014.1262 pre-shader for performance reasons with the OpenSSL plugin. Is the plugin that gets built with my version have the fix? Or do I need to update to latest version and make my game compatible?
Everyone should automatically get the fix.
Use this to verify which version you’re using:
local openssl = require('plugin.openssl') lua\_openssl\_version, lua\_version, openssl\_version = openssl.version() print( "lua-openssl version: " .. lua\_openssl\_version, lua\_version, openssl\_version )
As a side note, we’ve worked out a lot of the initial performance concerns of Graphics 2.0. We highly recommend you upgrade.
K on both my build and simulator I’m reporting this as my Open SSL version, so the plug in is not up to date for my build 2014.1262
lua-openssl version: 0.0.5
Lua 5.1
OpenSSL 1.0.1e 11 Feb 2013
I tested out the new engine but had some reservations when my simulator performance at high res on my macbook really started to chug. I’m sure iOS versions can handle it, Android performance especially on Galaxy S3’s scares me. There’s a bit more work and I’d be using 1.0 compatibility mode.
On which platform (Windows or Mac) are you using the Simulator?
On 2011 Macbook Pro 13" running Lion, the performance hit is obvious when switching the simulator to regular iPad resolution. I’m running a rather tepid GPU, but so are a lot of Android phones. iOS devices run Corona great even on an old 3GS.
the build in question is the last 1.0 updated to work with iOS 7 that isn’t supporting the current version of SSL
http://coronalabs.com/blog/2014/01/29/apples-ios-7-submission-requirements/
I’ve had two reviews on Android complaining about the SSL heartbleed issue.
Delete the content of this directory and try again:
~/Library/Application Support/Corona/Simulator/Plugins
Did and it’s still reporting the same old version from 2013
The content of the plugins folder includes Google.IAPV3, TapForTap and OpenSSL all dated from 2014-04-15 so recent, but still pointing to old version
I suggest trying Graphics 2.0.
Used the new SDK to download the latest plugin for OpenSSL then switched back, problem solved
Update: I can get the plugin to copy and run the the latest open ssl with the previous sdk plugins on the simulator, but I can’t build a proper Android build that has the new one with my older SDK.
Is there any workaround? could you please please add the new OpenSSL plugin to build 2014.1262
I have 15,000-20,000 daily players, some of them on Android keep giving me one star reviews because they detect the old version of OpenSSL and think their compromised, even though I never use it for server communication, and strictly to encrypt my save file.
We have top men working on it right now!