Walt,

You are correct. IBM Ported Tools OpenSSH includes *some* of the crypto algorithms (ciphers, MACs, and RSA, DSA, and EC-DSA key operations) from OpenSSL. But OpenSSH doesn't use SSL (at all), so the issues that we have seen with OpenSSL do not apply.

Also, IBM Ported Tools OpenSSH uses ICSF for selected (and commonly used) crypto algorithms, bypassing OpenSSL altogether.

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Sun, Jun 21, 2015 at 10:36 AM, Walt Farrell <[email protected]> wrote:

> On Sat, 20 Jun 2015 22:58:52 -0500, Anthony Fletcher <[email protected]> wrote:
>
> > Does anyone know where an up to date version of OpenSSL that will run on z/OS can be found? The version shipped in IBM Ported Tools is not current. I understand that at least version 1.0.1n is needed to address the POODLE and other exposures.
>
> It is my impression (possibly incorrect, I suppose) that the IBM Ported Tools implementation of OpenSSL is buried internally such that it is usable only by components of IBM Ported Tools itself, not by customer applications directly. Further, I believe that the functions of OpenSSL used by the components of IBM Ported Tools do not have POODLE and the other known exposures.
>
> If OpenSSL as used by IBM Ported Tools does have any of those exposures then IBM would release Security or Integrity PTFs to fix them.
>
> Therefore, I do not think you need to worry about updating it.
>
> --
> Walt
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
