Skip to main content
SecurityFebruary 11, 20253 min read

OpenSSL CVE-2024-12797 - Raw Public Key TLS Authentication Bypass Patched

OpenSSL has patched CVE-2024-12797, a high-severity TLS authentication flaw that lets a server bypass Raw Public Key verification without aborting the handshake. Affects OpenSSL 3.2, 3.3, and 3.4. Update immediately.

OpenSSL CVE-2024-12797 - What Was Patched

The OpenSSL project published a security advisory on February 11, 2025 disclosing CVE-2024-12797, a high-severity authentication flaw that affects TLS clients using Raw Public Keys (RPKs, defined in RFC 7250) to authenticate the server. The vulnerability was reported to the project by Apple Inc. on December 18, 2024 and the fix was developed by Viktor Dukhovni of the OpenSSL core team.

According to the OpenSSL advisory, clients using RFC 7250 Raw Public Keys to authenticate a server may fail to notice that the server was not authenticated, because handshakes do not abort as expected when the SSL_VERIFY_PEER verification mode is set. In effect, a TLS client that requested peer verification and received an unverifiable RPK would proceed with the handshake as if authentication had succeeded - opening the connection to a man-in-the-middle attacker who is in a position to intercept the traffic.

Affected and Fixed Versions

The flaw affects OpenSSL 3.2, 3.3, and 3.4. Patched releases are:

  • OpenSSL 3.4.1 (fix for the 3.4 branch)
  • OpenSSL 3.3.3 (fix for the 3.3 branch)
  • OpenSSL 3.2.4 (fix for the 3.2 branch)

OpenSSL 3.0 and 3.1 are not affected because RPK support was added in 3.2. OpenSSL 1.1.1 is also not affected. The advisory also states that the FIPS modules in 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected.

Real-World Exposure

Raw Public Keys are not used by typical web TLS, where servers present X.509 certificates. RPK adoption is concentrated in IoT deployments, constrained-device protocols, and a subset of newer TLS-based application protocols where the certificate-authority model adds unwanted overhead. If your applications rely solely on the standard certificate path through the SSL_VERIFY_PEER mode, the practical exposure is low, but the patched version should still be installed because OpenSSL is shared across many processes on a typical server.

If your stack explicitly enables RPK authentication - anywhere in your code, your library configuration, or in middleware that wraps OpenSSL - treat the exposure as immediate and patch first.

What to Do

Update OpenSSL via your distribution's package manager and restart every service that links against the library. On Debian and Ubuntu, run apt-get update followed by apt-get upgrade openssl libssl3. On RHEL, AlmaLinux, Rocky, and Amazon Linux, run dnf update openssl. After the package update, services that hold a long-lived OpenSSL handle in memory continue to use the old library version until they are restarted; tools such as needrestart on Debian/Ubuntu identify which services still need a restart.

For container images, rebuild base layers so the patched OpenSSL package is pulled in, then redeploy. Image scanners such as Trivy and Grype detect the affected versions automatically once their advisory feeds are refreshed.

Verify the running library with openssl version, and confirm the package metadata matches the patched release for your distribution. The OpenSSL project's security mailing list and the vulnerabilities page on openssl-library.org publish each advisory as it is released and remain the authoritative source for follow-up fixes.

Talk to the engineer who will own your stack.

No account managers, no offshore handoff. Senior DevOps, direct. Tell us what you are dealing with and you get a straight answer.

Related News

Security

nginx Patches Three CVEs, One a 9.2 Critical Bug That Sat Hidden in the Code Since 2011

nginx patched three CVEs on July 15, 2026: a 9.2-rated critical heap buffer overflow in map regex matching (CVE-2026-42533) present since 2011, an uninitialized-memory bug that unnamed regex captures trigger through either the slice directive or ordinary background cache updates (CVE-2026-60005), and a use-after-free in the SSI filter (CVE-2026-56434) present since 2009. Fixed in 1.30.4 stable and 1.31.3 mainline. With the config patterns to audit for, five read-only audit commands, and the detail most coverage gets wrong about the second bug.

Security

A 16-Year-Old KVM Bug Called Januscape Lets a Guest VM Break Out to the Host on Intel and AMD

Januscape (CVE-2026-53359) is a 16-year-old use-after-free in the Linux KVM shadow MMU on both Intel and AMD, rated a guest-to-host escape by Canonical. The public proof of concept crashes the host from inside a guest, while full host takeover is claimed but not published. Upstream fixed it on July 4, but distro kernels are still pending. Here is who is exposed, the nested-virtualization mitigation, and what to do now.

Security

A 15-Year-Old Linux Kernel Bug Called GhostLock Gives Any Local User Root and Escapes Containers

GhostLock (CVE-2026-43499) is a 15-year-old use-after-free in the Linux kernel rtmutex code that lets any logged-in user become root, and in the researchers' testing escape containers. It was quietly patched upstream in May, but Nebula Security has now published a working exploit, which changes the risk for anyone running shared or multi-tenant Linux. Here is who is actually exposed and what to do.