OpenSSL A.00.09.08za.001, A.00.09.08za.002, and A.00.09.08za.003 Release Notes (762808-002, June 2014)

./Configure threads zlib shared no-rc5 no-idea no-krb5 --openssldir=/opt/openssl hpux-cc
FIPS Capable OpenSSL (based on OpenSSL A.00.09.07m and linked against FIPS-1.1.2 module) is built with the following options:
./Configure threads zlib shared no-rc5 no-idea no-krb5 no-mdc2 --openssldir=/opt/openssl hpux-cc
FIPS Capable OpenSSL (based on OpenSSL A.00.09.08za and linked against FIPS-1.2 module) is built with the following options:
./Configure threads zlib shared no-rc5 no-idea no-krb5 --openssldir=/opt/openssl hpux-cc
Where:
threads Creates a library suitable for multithreaded applications.
zlib Provides support for zlib compression.
shared Builds shared libraries.
no-rc5 Builds OpenSSL without the Rivest encryption Cipher 5 (RC5) cipher algorithm.
no-idea Builds OpenSSL without the International Data Encryption Algorithm (IDEA) cipher.
no-krb5 Directs OpenSSL not to compile in any Kerberos 5 (KRB5) library or code.
no-mdc2 (MDC2) library or code.
--prefix Specifies the prefix for the OpenSSL include, lib, and bin directories.
OpenSSL Versions A.00.09.07m and A.00.09.08za use different cryptographic algorithms to
perform operations, such as authenticating the server and client to each other, transmitting
certificates, and establishing session keys.
Vulnerabilities fixed in OpenSSL A.00.09.08za version
CVE-2013-0169: 4th February 2013
A weakness in the handling of CBC ciphersuites in SSL, TLS, and DTLS which could lead to plaintext
recovery by exploiting timing differences arising during MAC processing. (Original advisory can
be found at http://www.openssl.org/news/secadv_20130205.txt). Reported by Nadhem J.
AlFardan and Kenneth G. Paterson of the Information Security Group, Royal Holloway, University
of London.
CVE-2013-0166: 5th February 2013
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of
service attack. (Original advisory can be found at
http://www.openssl.org/news/secadv_20130205.txt). Reported by Stephen Henson.
OpenSSL A.00.09.07m and A.00.09.08za features
OpenSSL A.00.09.07m and A.00.09.08za support the following security features:
Ciphers
Message Digest
Public key encryption
Certificates
Encoding
FIPS
The following sections discuss each of the security features in detail.