AIX Open Source


Moving to Openssl 1.1.1

  • 1.  Moving to Openssl 1.1.1

    Posted Mon June 13, 2022 10:39 AM

    Hello AIX Toolbox Users,

    As openssl 1.1.1 is available for AIX from AIX web download, many AIX customers are requesting to move to openssl 1.1.1 for AIX Toolbox packages.

    We are planning to move to openssl 1.1.1 in phases and will start with nginx and php.

    Openssl 1.1.1 does not come with AIX by default; one has to download it from the AIX web download program and install it.

    If one sees an error from these packages about not finding libcrypto.so.1.1.1, then you will have to install the latest openssl 1.1.1 from AIX web download.

    We will slowly move other packages to openssl 1.1.1 as well, and when openssl 3.0 is available for AIX we will move to that.

    The older versions of packages that use openssl 1.0.2 will still be available on AIX Toolbox.
    If someone does not want to install openssl 1.1.1, they can stay on the older packages or install an older version of a package.

    Kindly let us know if anyone sees any issue or has any concern with this.

    Our plan for the nginx and php update is next quarter.



    ------------------------------
    SANKET RATHI
    ------------------------------



  • 2.  RE: Moving to Openssl 1.1.1

    Posted Tue June 14, 2022 03:56 AM
    Hi,

    1) How can it be that the "official" MRS site doesn't show openssl 1.1.1?

    https://www.ibm.com/resources/mrs/assets/packageList?source=aixbp&lang=en_US

    Please keep the ground information updated, too.

    2) Both openssl package versions have the same download name. Please distinguish between with and without weak ciphers.

    3) Regarding the readme, it's totally unclear - at least to me - if the latest available openssh (8.1) will work with this openssl package.
         i) Please confirm that openssh (daemon), which is most commonly used for secure logins, will work with this version.

    kind regards ,
    Jürgen Mählmann


    ------------------------------
    Juergen Maehlmann
    ------------------------------



  • 3.  RE: Moving to Openssl 1.1.1

    Posted Tue June 14, 2022 04:16 AM
    Hi Juergen,

    The AIX Toolbox team does not handle openssl, but I will connect with the right person to address your question and issues.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 4.  RE: Moving to Openssl 1.1.1

    Posted Tue June 14, 2022 08:13 AM
    Hello

    Thanks for pointing this out.
    The readme and web pack related information will be updated by the end of this week.


    ------------------------------
    Sandeep Umesh
    ------------------------------



  • 5.  RE: Moving to Openssl 1.1.1

    Posted Mon August 22, 2022 12:29 PM
    As per plan, nginx and php are built against openssl 1.1.1 and published from AIX Toolbox.
    You can install the latest nginx and php from AIX Toolbox, but before that make sure you have openssl 1.1.1 installed from AIX web download.
    We keep updating other packages with openssl 1.1.1 as well.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 6.  RE: Moving to Openssl 1.1.1

    Posted Mon August 22, 2022 03:01 PM
    Edited by Vasiliy Gokoyev Mon August 22, 2022 03:01 PM
    Hi 
    Thank you for rolling out refreshes to the 1.1.1 library.

    PHP looks better now; however, when the module runs under Apache it appears to fall back to the 1.0.2 version. Any chance the httpd RPM can be compiled next?

    Apache/2.4.54 (Unix) PHP/7.4.30 OpenSSL/1.0.2u

    # ldd /opt/freeware/lib64/httpd/modules/mod_ssl.so
    /opt/freeware/lib64/httpd/modules/mod_ssl.so needs:
    /usr/lib/libssl.a(libssl.so.1.0.2)
    /usr/lib/libcrypto.a(libcrypto.so.1.0.2)
    /usr/lib/libc.a(shr_64.o)
    /opt/freeware/lib64/libgcc_s.a(shr.o)
    /unix
    /usr/lib/libcrypt.a(shr_64.o)

    ------------------------------
    Vasiliy Gokoyev
    ------------------------------
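
The linkage check from post 6, generalised to scan AIX `ldd` output for OpenSSL archive members (an added example, not part of the thread; the function names and the `mod_example.so` entry are constructed for illustration, and the wanted version string is passed in as a parameter):

```shell
#!/bin/sh
# Report which objects are still linked against an OpenSSL version other
# than the one you expect, based on AIX `ldd` output read from stdin.

# Constructed sample: the ldd output quoted in post 6, plus one made-up
# module (mod_example.so) linked against 1.1.1 for contrast.
sample_ldd() {
cat <<'EOF'
/opt/freeware/lib64/httpd/modules/mod_ssl.so needs:
/usr/lib/libssl.a(libssl.so.1.0.2)
/usr/lib/libcrypto.a(libcrypto.so.1.0.2)
/usr/lib/libc.a(shr_64.o)
/usr/lib/libcrypt.a(shr_64.o)
/opt/freeware/lib64/example/mod_example.so needs:
/usr/lib/libcrypto.a(libcrypto.so.1.1.1)
/usr/lib/libc.a(shr_64.o)
EOF
}

# Print "<object> <library> <version>" for every libssl/libcrypto member.
# libcrypt.a (password hashing) is deliberately not matched.
openssl_deps() {
  awk '
    /needs:$/ { obj = $1; next }          # header line names the object
    match($0, /\((libssl|libcrypto)\.so\.[0-9][0-9a-z.]*\)/) {
      m = substr($0, RSTART + 1, RLENGTH - 2)   # e.g. libssl.so.1.0.2
      lib = m; sub(/\.so\..*/, "", lib)
      ver = m; sub(/^.*\.so\./, "", ver)
      print obj, lib, ver
    }'
}

# Print each object whose OpenSSL member version differs from $1.
stale_objects() {
  openssl_deps | awk -v want="$1" '$3 != want { print $1 }' | sort -u
}

# Demo on the embedded sample. On a real system, feed it live output, e.g.:
#   for f in /opt/freeware/lib64/httpd/modules/*.so; do ldd "$f"; done \
#     | stale_objects 1.1.1
sample_ldd | stale_objects 1.1.1
```
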



  • 7.  RE: Moving to Openssl 1.1.1

    Posted Thu September 01, 2022 11:19 AM
    Okay, we will put httpd on our priority list to compile with openssl 1.1.1.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 8.  RE: Moving to Openssl 1.1.1

    Posted Fri September 02, 2022 12:52 PM
    I was told 1Q/2023 - can this not be done sooner?

    ------------------------------
    Scott Gruber
    ------------------------------



  • 9.  RE: Moving to Openssl 1.1.1

    Posted Wed September 07, 2022 01:26 AM
    Hi Scott, We will try.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 10.  RE: Moving to Openssl 1.1.1

    Posted Fri April 14, 2023 02:26 PM

    Thanks, 

    Thanks for the latest update for Openssl 1.1.1t - We just received notice from Tenable that 1.1.1t has vulnerabilities and is looking for OpenSSL 1.1.1u.

    Let us know an ETA so we can get back with our security department.

    Thanks,



    ------------------------------
    Scott Gruber
    ------------------------------