login about faq

Hi, I'd like to know how to disable OpenSSL on Tectia Client/Server.

asked Jul 02 '14 at 13:05

SSH%20KB's gravatar image

SSH KB ♦
509249246237


Tectia products contain the full OpenSSL cryptographic library "crypto", but only the algorithms provided by the fipscanister object are used by Tectia.

None of the recently discovered OpenSSL vulnerabilities affect Tectia.

When Tectia Client/Server is not used in the FIPS compliant mode (for more information, see Tectia Client User Manual / Tectia Server Administrator Manual), the OpenSSL cryptographic library is not needed and can be removed.

Once the OpenSSL cryptographic library is removed, if Tectia Client and/or Server are configured to run in the FIPS compliant mode, they will refuse to start.

If you do not use the FIPS mode and want to remove OpenSSL from your Tectia installation, see the following instructions for your platform.

Note: In the following filenames:

  • <x>, <y>, <z> and <b> indicate the Tectia product release version and build numbers, for example 6.4.7.204.

  • <a>, <b> and <c> indicate the OpenSSL version number, for example 1.0.0.


Linux / Oracle Solaris / HP-UX (IA-64)

To remove OpenSSL from Tectia Client/Server on Linux, Oracle Solaris or HP-UX (IA-64), delete the following files:

  • /opt/tectia/lib/shlib/libcrypto.so.<a>.<b>.<c>

  • /opt/tectia/lib/sshsecsh/<x>.<y>.<z>.<b>/libsshcrypto-fips.so

IBM AIX

To remove OpenSSL from Tectia Client/Server on IBM AIX, delete the following files:

  • /opt/tectia/lib/shlib/libcrypto.a

  • /opt/tectia/lib/sshsecsh/<x>.<y>.<z>.<b>/libsshcrypto-fips.so

HP-UX (PA-RISC)

To remove OpenSSL from Tectia Client/Server on HP-UX (PA-RISC), delete the following files:

  • /opt/tectia/lib/shlib/libcrypto.sl.<a>.<b>.<c>

  • /opt/tectia/lib/sshsecsh/<x>.<y>.<z>.<b>/libsshcrypto-fips.so

Windows

In the following list, <INSTALLDIR> indicates the default Tectia installation directory on Windows:

  • "C:\Program Files\SSH Communications Security\SSH Tectia" on 32-bit Windows versions

  • "C:\Program Files (x86)\SSH Communications Security\SSH Tectia" on 64-bit Windows versions.

To remove OpenSSL from Tectia Client/Server on Windows, delete the following files:

  • <INSTALLDIR>\SSH Tectia AUX\Plugins\<x>.<y>.<z>.<b>\sshcrypto1.dll

  • <INSTALLDIR>\SSH Tectia AUX\Support binaries\libeay32.dll

  • <INSTALLDIR>\SSH Tectia AUX\libeay32.dll

  • <INSTALLDIR>\SSH Tectia Broker\libeay32.dll

  • <INSTALLDIR>\SSH Tectia Client\libeay32.dll

  • <INSTALLDIR>\SSH Tectia Server\libeay32.dll

link

answered Jul 02 '14 at 13:14

SSH%20KB's gravatar image

SSH KB ♦
509249246237

edited Apr 19 at 21:55

Joe%20-%20Tectia%20Support's gravatar image

Joe - Tectia Support ♦♦
55215

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×30
×29
×3

Asked: Jul 02 '14 at 13:05

Seen: 4,178 times

Last updated: Apr 19 at 21:55

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.