OpenSSL A.00.09.08n.001, A.00.09.08n.002, and A.00.09.08n.003 release notes, October 2010 (5900-1224)

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software

• OpenSSL Website at: http://www.openssl.org/

• OpenSSL FAQ at: http://www.openssl.org/support/faq.html

• OpenSSL mailing list at: http://marc.theaimsgroup.com/?l=openssl-users

• The Transport Layer Security (TLS) Internet Engineering Task Force (IETF) Working Groups

at: http://www.ietf.org/html.charters/wg-dir.html#Security%20Area

• OpenSSL APIs at: http://www.opensslbook.com/api/index.html

OpenSSL A.00.09.08o.001, A.00.09.08o.002, and A.00.09.08o003 Release Notes is available at the

following locations:

• The HTML and pdf versions are available at: The Business Support Center

• A text version of the README.hp readme file in the /opt/openssl directory.

Frequently asked questions (FAQs)

Following are questions frequently asked about OpenSSL.

1 What does OpenSSL do? Why do I need it?

OpenSSL offers an advanced level of security using the SSL/TLS protocols. Client-server

applications that send and receive data over a network are open to a range of vulnerabilities.

They can use SSL/TLS to implement privacy (through encryption), tamper-proofing (through

message digests) and non-repudiation (through certificates and digital signatures).

2 What is the openssl command-line tool? Why do I need it?

The OpenSSL libraries (libssl and libcrypto - the 32 and 64-bit versions of the static

and shared libraries) define the OpenSSL product. The openssl command-line tool is an easy

way for you to quickly execute functions (for example, create certificates) without having to

write a new application for that purpose.

NOTE: The openssl command-line tool is a 32–bit application. It uses the 32–bit static

OpenSSL libraries.

3 There are several flavours of libraries available in OpenSSL A.00.09.07m and OpenSSL

A.00.09.08o. What are they? How do I know when to use which library?

Use the OpenSSL A.00.09.07m and OpenSSL A.00.09.08o libraries for 32-bit and 64-bit

applications. Both the 32-bit and 64-bit versions of the libraries are provided. For a list of all

the library files, see“OpenSSL libraries” (page 10). You can also choose to create user

applications using either a static library or a shared library. In addition, OpenSSL A.00.09.08o

contains libraries that support hardware ENGINES.

4 How do I switch between OpenSSL A.00.09.07m and OpenSSL A.00.09.08o?

During installation, the depot installs OpenSSL A.00.09.07m and OpenSSL A.00.09.08o in

the /opt/openssl/0.9.7 and /opt/openssl/0.9.8 directories, respectively. These

directories contain binaries, libraries, manpages, and other files specific to each version of

OpenSSL. The /opt/openssl/switchversion.sh script switches between these two

versions. To change the version of OpenSSL, execute the script as follows:

# /opt/openssl/switchversion.sh

You can also choose to switch the openssl.cnf file based on the version of OpenSSL.

However this is not necessary.

5 How does the performance of OpenSSL A.00.09.08o compare to the Open Source version

0.9.7m or 0.9.8g respectively?

The two products have the same base source code. There is no difference in performance,

other conditions remaining the same. However, the performance of several openssl library

functions is dictated by the random number generator on the system. The /dev/urandom

and /dev/random devices perform better than prngd. You can download /dev/random

at:

24 OpenSSL A.00.09.08o.001, A.00.09.08o.002, and A.00.09.08o.003