Hi,

The openssl team is just releasing security updates fixing various issues in openssl.

The most relevant issue is called "DROWN", http://drownattack.com/ , CVE-2016-0800

Basically the SSLv2 protocol, especially when used with weak (EXPORT) ciphers, is vulnerable to technically feasible Man-in-the-Middle attacks.

There is no choice but to switch SSLv2 and also EXPORT ciphers off by default now.

For SLES (and also Leap 42.1) we are taking this step, but you can override this for very old legacy software using environment variables.

Set the environment variables:

    OPENSSL_ALLOW_SSL2    for allowing sslv2 again
    OPENSSL_ALLOW_EXPORT  for allowing EXPORT ciphers again

Online updates for SUSE Linux Enterprise are currently being released and a TID for SUSE Linux Enterprise will be published at https://www.suse.com/support/kb/doc.php?id=7017297

openSUSE 13.2 and openSUSE Tumbleweed already ship built with the "no-ssl2" configure option, so they do not feature SSLv2 at all anymore.

openSUSE Leap 42.1 will get an update imported from SLES 12 SP1 today.

There is a secondary issue called "CacheBleed", which, however, requires attackers to operate on the same CPU in the same HyperThread, making this attack less likely. ( http://ssrg.nicta.com.au/projects/TS/cachebleed// )

Other security issues with lesser impact are also fixed in this update round, but not specifically mentioned in this email.

Ciao, Marcus
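
An added example, not part of the original mail or of SUSE's tooling: a shell function that lists running processes whose environment carries one of the two override variables named above, so hosts that have quietly re-enabled SSLv2 or EXPORT ciphers can be found after the update. It assumes that the mere presence of the variable (with any value) activates the override; the function name and the optional root-directory parameter are hypothetical.

```shell
#!/bin/sh
# Added example: audit for the override variables from the announcement.
# Assumption: a variable that is set at all (any value) re-enables the feature.

# find_openssl_overrides [ROOT]
#   ROOT is a /proc-style directory (default: /proc); the parameter exists
#   so the scan can be exercised against a constructed tree.
#   Prints one line per finding: "<pid> <process name> <variable>".
find_openssl_overrides() {
    root="${1:-/proc}"
    for envfile in "$root"/[0-9]*/environ; do
        # Skip unmatched globs and processes we are not allowed to read.
        [ -r "$envfile" ] || continue
        pid="${envfile%/environ}"
        pid="${pid##*/}"

        # Process name, if available; "?" otherwise.
        comm='?'
        if [ -r "$root/$pid/comm" ]; then
            IFS= read -r comm < "$root/$pid/comm" || true
        fi

        # environ is NUL-separated; turn it into one entry per line.
        # The "|| [ -n ... ]" keeps a final entry that lacks a terminator.
        tr '\0' '\n' < "$envfile" 2>/dev/null |
        while IFS= read -r entry || [ -n "$entry" ]; do
            case "$entry" in
                OPENSSL_ALLOW_SSL2=*|OPENSSL_ALLOW_EXPORT=*)
                    printf '%s %s %s\n' "$pid" "$comm" "${entry%%=*}"
                    ;;
            esac
        done
    done
}

# Usage on a live system (run as root to see every process):
#   find_openssl_overrides
```

/proc/<pid>/environ shows the environment a process was started with, so a service that had the variable removed from its configuration still appears until it is restarted.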