OpenSSL A.00.09.08r.001, A.00.09.08r.002, and A.00.09.08r.003 Release Notes (5900-1845, July 2011)
Table Of Contents
- OpenSSL A.00.09.08r.001, A.00.09.08r.002, and A.00.09.08r.003 Release Notes
- Contents
- 1 OpenSSL A.00.09.08r.001, A.00.09.08r.002, and A.00.09.08r.003
- Announcement
- OpenSSL A.00.09.07m and A.00.09.08r features
- What is in OpenSSL A.00.09.08r
- OpenSSL components
- Defects fixed in OpenSSL version A.00.09.07m
- Defects fixed in OpenSSL version A.00.09.08r
- Known problems
- Compatibility information and installation requirements
- Installing OpenSSL
- Using the Openssl command-line tool
- OpenSSL resources
- Frequently asked questions (FAQs)
./Configure threads zlib shared no-rc5 no-idea no-krb5
--openssldir=/opt/openssl hpux-cc
FIPS Capable OpenSSL (based on OpenSSL A.00.09.07m and linked against FIPS-1.1.2 module)
is built with the following options:
./Configure threads zlib shared no-rc5 no-idea no-krb5 no-mdc2
--openssldir=/opt/openssl hpux-cc
FIPS Capable OpenSSL (based on OpenSSL A.00.09.08r and linked against FIPS-1.2 module) is
built with the following options:
./Configure threads zlib shared no-rc5 no-idea no-krb5
--openssldir=/opt/openssl hpux-cc
Where:
threads Creates a library suitable for multi threaded applications.
zlib Provides support for zlib compression.
shared Builds shared libraries.
no-rc5 Builds OpenSSL without the Rivest encryption Cipher 5 (RC5) cipher algorithm.
no-idea Builds OpenSSL without the International Data Encryption Algorithm (IDEA) cipher.
no-krb5 Directs OpenSSL not to compile in any Kerberos 5 (KRB5) library or code.
no-mdc2 (MDC2) library or code.
--prefix Specifies the prefix for the OpenSSL include, lib, and bin directories.
OpenSSL Versions A.00.09.07m and A.00.09.08r use different cryptographic algorithms to
perform operations, such as authenticating the server and client to each other, transmitting
certificates, and establishing session keys.
OpenSSL A.00.09.07m and A.00.09.08r features
OpenSSL A.00.09.07m and A.00.09.08r support the following security features:
• Ciphers
• Message Digest
• Public key encryption
• Certificates
• Encoding
• FIPS
The following sections discuss each of the security features in detail.
Ciphers
A cipher algorithm is a mechanism used to encrypt or decrypt a message. OpenSSL A.00.09.07m
and A.00.09.08r support the following ciphers:
• Blowfish
• Carlisle Adams and Stafford Tavares (CAST)
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)
CAUTION: DES has been cracked (data encoded by DES has been decoded by a third
party). HP recommends that you use DES only when you are required to do so for compatibility
reasons or because of legal restrictions.
• Triple Data Encryption Standard (3DES)
OpenSSL A.00.09.07m and A.00.09.08r features 5