OpenSSL A.00.09.07m.049, A.00.09.07m.050, and A.00.09.08k.003 Release Notes
Table Of Contents
- OpenSSL A.00.09.07m.049, A.00.09.07m.050, and A.00.09.08k.003 Release Notes
- Table of Contents
- 1 OpenSSL A.00.09.07m.049, A.00.09.07m.050, and A.00.09.08k.003
- Announcement
- What is in OpenSSL A.00.09.07m and A.00.09.08k
- What is in OpenSSL A.00.09.08k
- OpenSSL Components
- Defects Fixed in OpenSSL Versions A.00.09.07m and A.00.09.08k
- Known Problems
- Compatibility Information and Installation Requirements
- Installing OpenSSL
- Using the openssl Command-Line Tool
- OpenSSL Resources
- Frequently Asked Questions (FAQs)
If none of these random number generators are available on the system, OpenSSL returns an
error while executing cryptographic functions. To prevent this situation, OpenSSL for HP-UX
11i v1 includes the /opt/openssl/prngd/prngd random number generator. The prngd
server reads HP-UX commands from the prngd.conf file, computes random numbers based
on certain parameters, and writes the computed random numbers to an HP-UX socket located
in the /var/run/egd-pool directory. OpenSSL functions can connect to and read random
numbers from this socket. The HP-UX 11i v2 and HP-UX 11i v3 operating systems contain /dev/
random by default; therefore, it does not require /opt/openssl/prngd/prngd. Random
number generation using /dev/urandom or /dev/random is faster than using /opt/openssl/
prngd/prngd. HP-UX 11i v1 users can download /dev/random from the following location:
http://www.software.hp.com
Automatically Generated Self-Signed Host Certificate
An SSL-enabled server must be identified by a host certificate. A certificate also identifies the
network host, the name and ID of the Certificate Authority (CA), and expiry date of the certificate.
Before you can deploy an SSL-enabled server for production, it must acquire a certificate signed
by a legitimate CA. However, for testing purposes the certificate can be self-signed, that is, signed
by the application generating the certificate. Setting up a certificate hierarchy can be
time-consuming. If a self-signed certificate is available, you can direct your SSL server to this
certificate during testing. OpenSSL automatically generates a self-signed host certificate and
private key. The host certificate is stored as /opt/openssl/certs/host.pem and the private
key of the host certificate is saved as /opt/openssl/private/hostkey.pem. The subject
name of the certificate is as follows:
C=US, ST=CA, L=City, O=Company,
CN=localhost/emailAddress=www@localhost
You can also generate a self-signed host certificate using the following command:
$ openssl req -new -x509 -out /opt/openssl/certs/host.pem
-keyout /opt/openssl/private/hostkey.pem -nodes
-subj /C=US/ST=CA/L=City/O=Company/CN=localhost/emailAddress=www@localhost
Defects Fixed in OpenSSL Versions A.00.09.07m and A.00.09.08k
OpenSSL versions A.00.09.07m and A.00.09.08k include security and bug fixes. For more
information on the fixes, see:
http://www.openssl.org/news/changelog.html
Known Problems
Following is the known problem in this version of OpenSSL:
In OpenSSL A.00.09.07m and OpenSSL A.00.09.08k EVP with AES-cfb1 and DES-cfb1 does
not work properly.
Compatibility Information and Installation Requirements
This section lists the system and patch requirements for OpenSSL A.00.09.07m and A.00.09.08k.
System Requirements
Table 1-6 specifies the minimum system requirements for installing OpenSSL A.00.09.07m and
A.00.09.08k.
Defects Fixed in OpenSSL Versions A.00.09.07m and A.00.09.08k 17