I’ve just checked to confirm that all of my production servers are using OpenSSL 1.x, which is not affected.
I do not know of RouterOS uses OpenSSL, or LibreSSL or something else as their crypto library though so checking in here sounded like a good idea. 
https://twitter.com/iamamoose/status/1584908434855628800
https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/
I too would be interested to understand this, as there is previous mention in this forum of OpenSSL being used within RouterOS.
When can we expect a formal response from Mikrotik regarding these vulnerabilities?
At this time CISA and the NCSC-NL are maintaining a list of all affected/unaffected products at the following site and Mikrotik products are not listed:
https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
Based on mikrotik support response SUP-96821, “MikroTik is not affected by these vulnerabilities.”
Well done Mikrotik!
Thank you, but is there a link to this support response?
It would be interesting to get some info from Mikrotik.
However: many contemporary major software projects, such as apache httpd or haproxy, are based on OpenSSL version 1.1. Some, including nginx, support both 1.1 and 3.0.
I wouldn’t be surprised if Mikrotik is as well (and might remain at openssl v1.1 for a long time). And in this case it’s no wonder if it’s not impacted by openssl 3.0 vulnerability.
Write yourself to support, so you have your “link”, if you doubt what other users write.
I don’t think anyone wearing a calabash fruit for a hat is going to listen to reason. 
Except the openssl license file present in the firmware, I see no sign of openssl anywhere.
From where did anyone got the ideea that RouterOS is even using OpenSSL?
@webformix ?
RouterOS is not affected.
v7 is using our own TLS implementation.
v6 is using OpenSSL 1.0.2u.
Thank you Guntis for putting the trolls and clickbaiters to bed.
I am going to have to add you to my NOTE (that annoyingly pops up everytime I log into my hex LOL)
…
