Bookmark and Share
RSS

Recent Posts

How to Keep OpenSSL Up-to-Date

August 03, 2015

Keeping OpenSSL up-to-date is becoming a chore. And waiting for an update in a service pack may not be the best way to do this - for many reasons.
 
The release schedule of many browsers (e.g., FireFox, Chrome, etc.) and their policies toward SSLv3 is pushing me to be up-to-date. SSLv3 is practically synonymous for TLS1.0. The policy of the new browsers is to be way ahead of NIST-like requirements and to ban (read disable, later remove) all support for SSLv3 and even TLS1.1. The “catch” is that anything still using OpenSSL-0.9.8 will stop working because OpenSSL-0.9.8 has no support (nor will it!) for TLS1.2.
 
One of my hobbies is to package open-source software for AIX (via http://www.aixtools.net, or without the fluff at http://download.aixtools.net). I am in the process of updating everything right now and one of my recent discoveries is that OpenSSL-1.0.1.X is available for AIX 5.3 - even though AIX 5.3 is long out of support.
 
In short, the fast path to keeping OpenSSL more current than a service pack is to make use of the AIX Web Download Pack Programs. OpenSSL is one of the (security related) programs that is available outside of the FixCentral portal. And, if you are current using the Web Programs, then you can also apply an ifix that generally have the latest WebPack program as a pre-requisite. For OpenSSL the latest advisory is #14 at ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc.
 
Have a great healthy and secure summer!

Posted August 03, 2015 | Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus