Abyss Web Server version 2.9.3 just released with hardened SSL/TLS support
April 14, 2014
Aprelium is pleased to announce the release of new updates for both editions of Abyss Web Server for Windows, Mac OS X, and Linux:
- Abyss Web Server X1 version 2.9.3: Free personal edition. It isn't a trial version or a demo. It is a fully usable personal web server with no limitations, no nag screens, no spyware, and no advertisements.
- Abyss Web Server X2 version 2.9.3: Professional edition priced at US $59.95. It is a professional web server which comes with 1 year of free upgrades and 1 year of priority technical support.
Users of previous versions should upgrade to this version as soon as possible to reduce their exposure to newly discovered security issues related to the SSL/TLS protocols.
The new releases improves the SSL/TLS support while hardening it against recently discovered SSL/TLS vulnerabilities:
- Updated the SSL/TLS engine to fix the Heartbleed issue (CVE-2014-0160)
- Disabled SSL/TLS compression support to mitigate CRIME attacks
- Changed the default cipher lists as a countermeasure against BEAST attacks
- Disabled client initiated SSL renegotiation and added secure TLS renegotiation to mitigate client initiated SSL/TLS renegotiation denial of service attacks
- Cipher choice during SSL/TLS handshakes is now imposed by the server
- Removed support for the insecure SSL version 2 protocol
The new releases add the following features:
- Added support for 3072 and 4096-bit private keys generation
- Added a parameter to control the size of script/Web application output buffer
- Updated documentation
The new releases also include several minor internal enhancements and fix the issues that have been reported with previous versions.
For Abyss Web Server X1 Users
Visit Downloads to get the new version of Abyss Web Server. Installation and upgrading instructions are provided on the download page.
For Abyss Web Server X2 Users
Open Abyss Web Server's console, select Help & Support, and click on Check for Updates.