Tectia Client, Server and ConnectSecure releases 6.1.x and earlier do not use the OpenSSL cryptographic library.
Tectia Client, Server and ConnectSecure releases from 6.2.0 to 6.4.6 use the OpenSSL cryptographic library version 0.9.8, which is not affected by the Heartbleed vulnerability.
Tectia Client, Server and ConnectSecure 6.4.7 and 6.4.8 use two different versions of the OpenSSL cryptographic library:
- On Linux, Windows, Solaris and HP-UX Itanium, version 1.0.1e (compiled with -DOPENSSL_NO_HEARTBEATS, and therefore not affected by the Heartbleed vulnerability)
- On HP-UX PA-RISC and IBM AIX, version 0.9.8 (not affected by the Heartbleed vulnerability)
The full OpenSSL cryptographic library is distributed with Tectia Client/Server/ConnectSecure. However, only the algorithms provided by the fipscanister
object in the library are used.
The APIs used by Tectia Client/Server/ConnectSecure from the two different versions of the OpenSSL cryptographic library are listed below.
APIs used from the OpenSSL cryptographic library version 1.0.1e:
- Random numbers: AES/CTR DRBG based on NIST SP800-90A is used from the OpenSSL library. Function RAND_get_rand_method()
- AES ciphers: Variants: ecb, cbc, cfb, ofb, ctr. Functions EVP_aes*
- 3DES ciphers: Variants: ecb, cbc, cfb, ofb. Functions EVP_des_ede3_*
- Math library: Bignum math library used by OpenSSL. Functions BN_*
- Diffie Hellman: Functions DH_*
- Hash functions: Variants: sha1, sha-224, sha-256, sha-384, sha-512. Functions EVP_sha*
- Public Key: Variants: rsa and dsa. Functions RSA_*, DSA_*
APIs used from the OpenSSL cryptographic library version 0.9.8:
- Random numbers: FIPS-approved AES PRNG based on ANSI X9.32 is used from the OpenSSL library. Functions FIPS_rand_*.
- AES ciphers: Variants: ecb, cbc, cfb, ofb, ctr. Functions AES_*
- DES ciphers: Variants: ecb, cbc, cfb, ofb. Functions DES_*
- 3DES ciphers: Variants: ecb, cbc, cfb, ofb. Functions DES_*
- Math library: Bignum math library used by OpenSSL. Functions BN_*
- Diffie Hellman: Functions DH_*
- Hash functions: Variants: sha1, sha-224, sha-256, sha-384, sha-512. Functions SHA1_*, SHA256_*, SHA512_*
- Public Key: Variants: rsa and dsa. Functions RSA_*, DSA_*
answered
Apr 30 '14 at 10:37
SSH KB ♦
509●251●249●241