Hi Mark, IBM Ported Tools OpenSSH statically links in parts of the OpenSSL library.
But, OpenSSH does not use SSL/TLS so, the heartbleed exposure would not apply. I assume that IBM's response means that, when statically linking, the parts of OpenSSL that implement TLS are not included. A Binder map of ssh or sshd would verify this. Kirk Wolf Dovetailed Technologies http://dovetail.com On Thu, Apr 10, 2014 at 10:20 AM, Mark Zelden <[email protected]> wrote: > On Thu, 10 Apr 2014 14:37:46 +0000, Ken Porowski <[email protected]> > wrote: > > >How about z/OS Comm Server System SSL? > > > > > > No. System SSL is not openSSL. But I heard in person yesterday because > I also > opened an SR with Ported Tools OpenSSH support Tuesday evening when word > hit > the street and management was nervous and level 1 incorrectly routed it to > System SSL. > > The response from openSSH support was that even though we were running one > of the openSSL vulnerable versions (1.0.1c) with ported tools (V1R2M0), > that > > "IBM's openSSH is not exposed, we do not use the affected library." > > I assume that is a C / C++ include library? > > -- > Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS > ITIL v3 Foundation Certified > mailto:[email protected] > Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html > Systems Programming expert at http://search390.techtarget.com/ateExperts/ > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
