OA 12.26 OpenSSL 3.x

Hi,

I have a machine installed with OA agent version 12.21 which, when submitted to VA/PT, gave the vulnerability related to the OpenSSL certificate because of the old version 1.1.1.

I found that the solution is just to upgrade to version 12.26, because it has OpenSSL version 3.x.x inside.

However, once the upgrade is completed, if I run the command “openssl version” I see the older version 1.1.1.

From the online documentation I see: https://docs.microfocus.com/doc/Operations_Agent/12.26/ReleaseSummary

Upgraded open source components

Operations Agent 12.26 upgrades the following open source components to a newer version:

  • OpenSSL 3.0.13

How can I verify that the OpenSSL version has actually been upgraded?
I also tried searching the installation file path but couldn't find anything.

Would anyone be able to help me? I need to be able to prove that the version of OpenSSL has actually been upgraded.

Kind regards,
Roberto Marino.

  • Verified Answer

    +1  

    Hello,

    You have to know that OpenSSL is dynamically linked within libOvSecCore.so.

    Then you can run strings on the shared object/library:

    # /opt/OV/bin/opcagt -version
    12.26.008

    # ldd /opt/OV/lbin/eaagt/opcmsga |grep -i libOvSecCore
    libOvSecCore.so => /opt/OV/lib64/libOvSecCore.so (0x00007fc74a600000)

    # strings /opt/OV/lib64/libOvSecCore.so |grep "OpenSSL 3.0"
    OpenSSL 3.0.13 30 Jan 2024

    Running "openssl version" shows the version of the executable called openssl in the path and is not related to OA12. /usr/bin/openssl is a command line tool.

    # /usr/bin/openssl version
    OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)

    I hope this answers your question.
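
The check in the answer above, generalized into an added example (not part of the original posts and not vendor code): it scans every file in a directory for embedded OpenSSL build banners and flags any older than a minimum version, which helps when a VA/PT finding has to be closed with evidence that no old copy remains. The function names and the two sample files are constructed for illustration; on a real host the directory would be the agent's library path shown by `ldd`.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print each distinct OpenSSL build banner embedded in file $1.
# grep -a treats the binary as text, so binutils strings is not needed.
openssl_banners() {
    LC_ALL=C grep -a -o -E \
        'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]* +[0-9]{1,2} [A-Z][a-z]{2} [0-9]{4}' \
        "$1" | sort -u
}

# Succeed when version $1 is at least $2 (letter suffix such as 1.1.1w ignored).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Report every file in directory $1 that embeds an OpenSSL banner and
# return 1 if any banner is older than minimum version $2.
scan_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        for ver in $(openssl_banners "$f" | awk '{ print $2 }'); do
            if version_ge "$ver" "$2"; then
                echo "OK  $ver $f"
            else
                echo "OLD $ver $f"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample: two fake libraries with banners between NUL bytes.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf '\177ELF\0\0pad\0OpenSSL 3.0.13 30 Jan 2024\0tail\n' > "$sample/libnew.so"
printf '\177ELF\0\0pad\0OpenSSL 1.1.1w  11 Sep 2023\0tail\n' > "$sample/libold.so"

scan_dir "$sample" 3.0.0 || echo "at least one file still embeds an older OpenSSL"
```

The non-zero exit status from `scan_dir` makes the check usable in a post-upgrade script, and the printed `OK`/`OLD` lines can be attached to the remediation report.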

  • 0 in reply to   

    Thank you very much,

    I was able to verify the version correctly.

    Regards, Roberto.