OpenSSL A.00.09.08n.001, A.00.09.08n.002, and A.00.09.08n.003 release notes, October 2010 (5900-1224)

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software

./Configure threads zlib shared no-rc5 no-idea no-krb5

--openssldir=/opt/openssl hpux-cc

FIPS Capable OpenSSL (based on OpenSSL A.00.09.07m and linked against FIPS-1.1.2 module)

is built with the following options:

./Configure threads zlib shared no-rc5 no-idea no-krb5 no-mdc2

--openssldir=/opt/openssl hpux-cc

FIPS Capable OpenSSL (based on OpenSSL A.00.09.08o and linked against FIPS-1.2 module) is

built with the following options:

./Configure threads zlib shared no-rc5 no-idea no-krb5

--openssldir=/opt/openssl hpux-cc

Where:

threads

Creates a library suitable for multi threaded applications.

zlib Provides support for zlib compression.

shared

Builds shared libraries.

no-rc5

Builds OpenSSL without the Rivest encryption Cipher 5 (RC5) cipher algorithm.

no-idea

Builds OpenSSL without the International Data Encryption Algorithm (IDEA)

cipher.

no-krb5

Directs OpenSSL not to compile in any Kerberos 5 (KRB5) library or code.

no-mdc2

(MDC2) library or code.

--prefix Specifies the prefix for the OpenSSL include, lib, and bin directories.

OpenSSL Versions A.00.09.07m and A.00.09.08o use different cryptographic algorithms to perform

operations, such as authenticating the server and client to each other, transmitting certificates,

and establishing session keys.

OpenSSL A.00.09.07m and A.00.09.08o features

OpenSSL A.00.09.07m and A.00.09.08o support the following security features:

• Ciphers

• Message Digest

• Public key encryption

• Certificates

• Encoding

The following sections discuss each of the security features in detail.

Ciphers

A cipher algorithm is a mechanism used to encrypt or decrypt a message. OpenSSL A.00.09.07m

and A.00.09.08o support the following ciphers:

• Blowfish

• Carlisle Adams and Stafford Tavares (CAST)

• Advanced Encryption Standard (AES)

• Data Encryption Standard (DES)

CAUTION: DES has been cracked (data encoded by DES has been decoded by a third

party). HP recommends that you use DES only when you are required to do so for

compatibility reasons or because of legal restrictions.

• Triple Data Encryption Standard (3DES)

• Data Encryption Standard Extension (DESX)

8 OpenSSL A.00.09.08o.001, A.00.09.08o.002, and A.00.09.08o.003