Manualshelf

OpenSSL A.00.09.08y.001, A.00.09.08y.002, and A.00.09.08y.003 Release Notes (5900-3078, March 2013)

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software
17181920212223242526
Example 4 When an old version of OpenSSL from Internet Express is installed on the system
# what /usr/bin/openssl
OpenSSL A.02.00-0.9.7c
Example 5 If you are running OpenSSL A.00.09.08y.003 on HP-UX 11i V3
# what /usr/bin/openssl
/usr/bin/openssl:
$OpenSSL A.00.09.08y.003, Zlib: v1.2.3 $
$OpenSSL A.00.09.08y.003, Zlib: v1.2.3 $
$OpenSSL A.00.09.08y.003, Zlib: v1.2.3 $
Example 6 When OpenSSL A.00.09.07m.d02 is installed on an HP-UX 11i V2 operating system
# what /usr/bin/openssl
/usr/bin/openssl:
$OpenSSL A.00.09.07m.d02, Zlib: v1.2.3 $
$OpenSSL A.00.09.07m.d02, Zlib: v1.2.3 $
$OpenSSL A.00.09.07m.d02, Zlib: v1.2.3 $
Example 7 You do not have an HP-UX depot installed but have downloaded the source code
and built the product yourself
# what /usr/bin/openssl
The output of the what command depends on what you defined for the $what string in the
source code before you built the product.
19 A lot of information is available for OpenSSL-enabler products, such as Stunnel. How is the
procedure for installation in Stunnel different from the OpenSSL A.00.09.07m or A.00.09.08y
installation?
Consider a client-server application sending and receiving unencrypted data over the network.
You now want to achieve a higher level of security for your application. The following methods
describe how to use OpenSSL technology to encrypt client/server communication:
You can modify client and server code using OpenSSL functions. This method gives you
the highest degree of flexibility and control regarding the features and how you implement
them.
You can set up a Stunnel-based environment in which data from the client application is
sent to a Stunnel client instead of to the server. The Stunnel client encrypts the data using
OpenSSL technology and sends encrypted data to the Stunnel server. The Stunnel server
decrypts the data and sends the original data to the target server application. The same
process is followed when data is sent from the server to the client application. This
approach enables you to secure your client-server application without changing the source
code, but limits you to the features offered by the Stunnel environment.
These are the two distinct choices available to a user application environment that wants
to SSL-encrypt its client-server communication. Both choices are valid. Direct use of the
OpenSSL library clearly provides more options.
20 What is the FIPS relationship to the OpenSSL API?
The FIPS object module is designed for use with the OpenSSL API. Applications linked with
the FIPS object module and with the separate OpenSSL libraries can use both the FIPS-validated
cryptographic functions of the FIPS object module and the high level functions of OpenSSL.
The FIPS object module is the special monolithic object module built from the special source
distribution identified in the Security Policy. It is not the same as the OpenSSL product or any
specific official OpenSSL distribution release.
Frequently asked questions (FAQs) 25