OpenSSL A.00.09.08y.001, A.00.09.08y.002, and A.00.09.08y.003 Release Notes (762808-001, March 2014)
2 Frequently asked questions (FAQs)
Following are questions frequently asked about OpenSSL.
2.1 What does OpenSSL do? Why do I need it?
OpenSSL offers an advanced level of security using the SSL/TLS protocols. Client-server
applications that send and receive data over a network are open to a range of vulnerabilities.
They can use SSL/TLS to implement privacy (through encryption), tamper-proofing (through
message digests) and non-repudiation (through certificates and digital signatures).
2.2 What is the openssl command-line tool? Why do I need it?
The OpenSSL libraries (libssl and libcrypto - the 32 and 64-bit versions of the static
and shared libraries) define the OpenSSL product. The openssl command-line tool is an
easy way for you to quickly execute functions (for example, create certificates) without
having to write a new application for that purpose.
NOTE: The openssl command-line tool is a 32–bit application. It uses the 32–bit static
OpenSSL libraries.
2.3 There are several flavours of libraries available in OpenSSL A.00.09.07m and OpenSSL
A.00.09.08y. What are they? How do I know when to use which library?
Use the OpenSSL A.00.09.07m and OpenSSL A.00.09.08y libraries for 32-bit and 64-bit
applications. Both the 32-bit and 64-bit versions of the libraries are provided. For a list of
all the library files, see“OpenSSL libraries” (page 9). You can also choose to create user
applications using either a static library or a shared library. In addition, OpenSSL
A.00.09.08y contains libraries that support hardware ENGINES.
2.4 How do I switch between OpenSSL A.00.09.07m and OpenSSL A.00.09.08y?
During installation, the depot installs OpenSSL A.00.09.07m and OpenSSL A.00.09.08y
in the /opt/openssl/0.9.7 and /opt/openssl/0.9.8 directories, respectively. These
directories contain binaries, libraries, manpages, and other files specific to each version
of OpenSSL. The /opt/openssl/switchversion.sh script switches between these
two versions. To change the version of OpenSSL, execute the script as follows:
# /opt/openssl/switchversion.sh
You can also choose to switch the openssl.cnf file based on the version of OpenSSL.
However this is not necessary.
2.5 How does the performance of OpenSSL A.00.09.08y compare to the Open Source version
0.9.7m or 0.9.8g respectively?
The two products have the same base source code. There is no difference in performance,
other conditions remaining the same. However, the performance of several openssl library
functions is dictated by the random number generator on the system. The /dev/urandom
and /dev/random devices perform better than prngd. You can download /dev/random
at:
http://software.hp.com
2.6 Does installing OpenSSL require a kernel rebuild?
No. OpenSSL contains application libraries and a command-line tool. It does not require
a kernel rebuild or system reboot.
2.7 How can I install OpenSSL A.00.09.07m or A.00.09.08y?
You can install OpenSSL A.00.09.07m or A.00.09.08y from the application CD or the
Web using the swinstall command.
2.8 How can I uninstall OpenSSL A.00.09.07m or A.00.09.08y?
Use the following command to uninstall OpenSSL:
# swremove OpenSSL
24 Frequently asked questions (FAQs)