Manualshelf

OpenSSL A.00.09.08y.001, A.00.09.08y.002, and A.00.09.08y.003 Release Notes (5900-3078, March 2013)

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software
17181920212223242526
The Transport Layer Security (TLS) Internet Engineering Task Force (IETF) Working Groups at:
http://www.ietf.org/html.charters/wg-dir.html#Security%20Area
OpenSSL APIs at: http://www.opensslbook.com/api/index.html
OpenSSL A.00.09.08y.001, A.00.09.08y.002, and A.00.09.08y.003 Release Notes is available
at the following locations:
The HTML and pdf versions are available at: The Business Support Center
A text version of the README.hp readme file in the /opt/openssl directory.
Frequently asked questions (FAQs)
Following are questions frequently asked about OpenSSL.
1 What does OpenSSL do? Why do I need it?
OpenSSL offers an advanced level of security using the SSL/TLS protocols. Client-server
applications that send and receive data over a network are open to a range of vulnerabilities.
They can use SSL/TLS to implement privacy (through encryption), tamper-proofing (through
message digests) and non-repudiation (through certificates and digital signatures).
2 What is the openssl command-line tool? Why do I need it?
The OpenSSL libraries (libssl and libcrypto - the 32 and 64-bit versions of the static
and shared libraries) define the OpenSSL product. The openssl command-line tool is an easy
way for you to quickly execute functions (for example, create certificates) without having to
write a new application for that purpose.
NOTE: The openssl command-line tool is a 32–bit application. It uses the 32–bit static
OpenSSL libraries.
3 There are several flavours of libraries available in OpenSSL A.00.09.07m and OpenSSL
A.00.09.08y. What are they? How do I know when to use which library?
Use the OpenSSL A.00.09.07m and OpenSSL A.00.09.08y libraries for 32-bit and 64-bit
applications. Both the 32-bit and 64-bit versions of the libraries are provided. For a list of all
the library files, see“OpenSSL libraries (page 8). You can also choose to create user
applications using either a static library or a shared library. In addition, OpenSSL A.00.09.08y
contains libraries that support hardware ENGINES.
4 How do I switch between OpenSSL A.00.09.07m and OpenSSL A.00.09.08y?
During installation, the depot installs OpenSSL A.00.09.07m and OpenSSL A.00.09.08y in
the /opt/openssl/0.9.7 and /opt/openssl/0.9.8 directories, respectively. These
directories contain binaries, libraries, manpages, and other files specific to each version of
OpenSSL. The /opt/openssl/switchversion.sh script switches between these two
versions. To change the version of OpenSSL, execute the script as follows:
# /opt/openssl/switchversion.sh
You can also choose to switch the openssl.cnf file based on the version of OpenSSL.
However this is not necessary.
5 How does the performance of OpenSSL A.00.09.08y compare to the Open Source version
0.9.7m or 0.9.8g respectively?
The two products have the same base source code. There is no difference in performance,
other conditions remaining the same. However, the performance of several openssl library
functions is dictated by the random number generator on the system. The /dev/urandom
and /dev/random devices perform better than prngd. You can download /dev/random
at:
http://software.hp.com
6 Does installing OpenSSL require a kernel rebuild?
22 OpenSSL A.00.09.08y.001, A.00.09.08y.002, and A.00.09.08y.003