Installing openssl 3.0 should have updated the libraries (libcrypto & libssl) in /usr/lib. The shared library archive should have *so.3 (along with *so.1.1 and *so.1.0.2 set with loadonly flag).
Original Message:
Sent: Thu August 01, 2024 07:18 AM
From: Vandy N
Subject: Moving to Openssl 1.1.1
Thanks for the reply. We build our own Apache due to some additional modules we need. My question was more about how we can upgrade the openssl library files in /usr/lib folder? Those libraries are still at 1.0.* version in spite of installing openssl 3.0.* from IBM on the server.
------------------------------
Vandy N
Original Message:
Sent: Thu August 01, 2024 01:36 AM
From: Ayappan P
Subject: Moving to Openssl 1.1.1
Toolbox httpd has already been built against openssl 1.1.1 for some time. We will be gradually moving to openssl 3.0 for Toolbox packages soon.
------------------------------
Ayappan P
Original Message:
Sent: Wed July 31, 2024 04:59 PM
From: Vandy N
Subject: Moving to Openssl 1.1.1
Hi @SANKET RATHI - I am trying to compile Apache with openssl 3.0.* and I get the following errors during make:
ld: 0711-317 ERROR: Undefined symbol: .TLS_client_method
ld: 0711-317 ERROR: Undefined symbol: .X509_get_version
ld: 0711-317 ERROR: Undefined symbol: .X509_get_notBefore
ld: 0711-317 ERROR: Undefined symbol: .X509_get_notAfter
ld: 0711-317 ERROR: Undefined symbol: .EVP_PKEY_get_bits
ld: 0711-317 ERROR: Undefined symbol: .SSL_in_init
ld: 0711-317 ERROR: Undefined symbol: .OPENSSL_sk_num
ld: 0711-317 ERROR: Undefined symbol: .OPENSSL_sk_value
ld: 0711-317 ERROR: Undefined symbol: .EVP_PKEY_get_id
ld: 0711-317 ERROR: Undefined symbol: .EVP_PKEY_get_utf8_string_param
ld: 0711-317 ERROR: Undefined symbol: .BIO_set_callback_ex
ld: 0711-317 ERROR: Undefined symbol: .SSL_CTX_set_options
ld: 0711-317 ERROR: Undefined symbol: .SSL_CTX_set_ciphersuites
It looks like the /usr/lib/libssl.a file is missing the functions. All the above functions were introduced in 1.1.1 and did not exist in 1.0.*. Please provide any suggestions you have to overcome this.
# lslpp -L | grep ssl
openssl.base 3.0.13.1000 C F Open Secure Socket Layer
openssl.license 3.0.13.1000 C F Open Secure Socket License
openssl.man.en_US 3.0.13.1000 C F Open Secure Socket Layer
Any suggestions on how to update the files in /usr/lib? I see that even with openssl1.1.1 we do not have libssl.so.1. So looks like /usr/lib is outdated but need help with getting latest files in there.
------------------------------
Vandy N
Original Message:
Sent: Wed September 07, 2022 01:26 AM
From: SANKET RATHI
Subject: Moving to Openssl 1.1.1
Hi Scott, We will try.
------------------------------
SANKET RATHI
Original Message:
Sent: Fri September 02, 2022 12:51 PM
From: Scott Gruber
Subject: Moving to Openssl 1.1.1
I was told 1Q/2023 - can this not be done sooner?
------------------------------
Scott Gruber
Original Message:
Sent: Thu September 01, 2022 11:18 AM
From: SANKET RATHI
Subject: Moving to Openssl 1.1.1
Okay, we will put httpd on our priority list to compile with openssl 1.1.1.
------------------------------
SANKET RATHI
Original Message:
Sent: Mon August 22, 2022 03:00 PM
From: Vasiliy Gokoyev
Subject: Moving to Openssl 1.1.1
Hi
Thank you for rolling out refreshes to the 1.1.1 library.
PHP looks better now, however when the module runs under Apache it appears to fall back to the 1.0.2 version. Any chance httpd RPM can be compiled next?
Apache/2.4.54 (Unix) PHP/7.4.30 OpenSSL/1.0.2u
# ldd /opt/freeware/lib64/httpd/modules/mod_ssl.so
/opt/freeware/lib64/httpd/modules/mod_ssl.so needs:
/usr/lib/libssl.a(libssl.so.1.0.2)
/usr/lib/libcrypto.a(libcrypto.so.1.0.2)
/usr/lib/libc.a(shr_64.o)
/opt/freeware/lib64/libgcc_s.a(shr.o)
/unix
/usr/lib/libcrypt.a(shr_64.o)
------------------------------
Vasiliy Gokoyev
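
Added example (not part of the original thread): a portable sh/awk filter that reads `ldd` output in the AIX `archive(member)` form quoted above, lists the libssl/libcrypto members a binary is bound to, and flags any older than a chosen minimum. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, modelled on the ldd output quoted in the post above.
SAMPLE_LDD='/opt/freeware/lib64/httpd/modules/mod_ssl.so needs:
         /usr/lib/libssl.a(libssl.so.1.0.2)
         /usr/lib/libcrypto.a(libcrypto.so.1.0.2)
         /usr/lib/libc.a(shr_64.o)
         /unix'

# openssl_members (hypothetical helper): read ldd output on stdin and print
# "<library> <version>" for every libssl/libcrypto archive member found.
openssl_members() {
    awk '
    match($0, /\((libssl|libcrypto)\.so\.[0-9][0-9.]*\)/) {
        m = substr($0, RSTART + 1, RLENGTH - 2)   # drop the parentheses
        n = index(m, ".so.")
        print substr(m, 1, n - 1), substr(m, n + 4)
    }'
}

# stale_openssl MIN (hypothetical helper): read ldd output on stdin, print the
# members whose major.minor is lower than MIN, and return 1 if any were found.
stale_openssl() {
    openssl_members | awk -v min="$1" '
    function key(v,   f) { split(v, f, "."); return f[1] * 1000 + f[2] }
    key($2) < key(min) { print; bad = 1 }
    END { exit bad + 0 }'
}

# Demo on the constructed sample: both members are 1.0.2, so both are listed.
printf '%s\n' "$SAMPLE_LDD" | stale_openssl 1.1 ||
    echo "binary is still bound to OpenSSL members older than 1.1" >&2
```

On a real system the input would come from `ldd <module> | stale_openssl 1.1`, run for each module or binary that is expected to have moved off the 1.0.2 members.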
Original Message:
Sent: Mon August 22, 2022 12:29 PM
From: SANKET RATHI
Subject: Moving to Openssl 1.1.1
As per plan, nginx and php are built against openssl 1.1.1 and published from AIX toolbox.
You can install the latest nginx and php from AIX toolbox, but before that make sure you have openssl 1.1.1 installed from AIX web download.
We keep updating other packages with openssl 1.1.1 as well.
------------------------------
SANKET RATHI
Original Message:
Sent: Tue June 14, 2022 08:12 AM
From: Sandeep Umesh
Subject: Moving to Openssl 1.1.1
Hello
Thanks for pointing this out.
The readme and web pack related information will be updated by end of this week.
------------------------------
Sandeep Umesh
Original Message:
Sent: Tue June 14, 2022 03:56 AM
From: Juergen Maehlmann
Subject: Moving to Openssl 1.1.1
Hi,
1) How can it be that the "official" MRS site doesn't show openssl 1.1.1?
https://www.ibm.com/resources/mrs/assets/packageList?source=aixbp&lang=en_US
Please keep the ground information updated, too.
2) Both openssl package versions have the same download name. Please distinguish between with and without weak ciphers.
3) Regarding the readme, it's totally unclear - at least to me - if the latest available openssh (8.1) will work with this openssl package.
i) Please confirm that openssh (daemon), which is most commonly used for secure logins, will work with this version.
kind regards ,
Jürgen Mählmann
------------------------------
Juergen Maehlmann
Original Message:
Sent: Mon June 13, 2022 10:39 AM
From: SANKET RATHI
Subject: Moving to Openssl 1.1.1
Hello AIX Toolbox Users,
As openssl 1.1.1 is available for AIX from AIX web download, many of the AIX customers are requesting to move to openssl 1.1.1 for AIX Toolbox packages.
We are planning to move to openssl 1.1.1 in phases and will start with nginx and php.
Openssl 1.1.1 does not come with AIX by default; one has to install it from the AIX web download program.
If you see an error from these packages about not finding libcrypto.so.1.1.1, then you will have to install the latest openssl 1.1.1 from AIX web download.
We will slowly move other packages to openssl 1.1.1 as well, and when openssl 3.0 is available for AIX we will move to that.
The older versions of packages that use openssl 1.0.2 will still be available on AIX Toolbox.
If someone does not want to install openssl 1.1.1, then they can stay on the older packages or install an older version of the package.
Kindly let us know if anyone sees any issue or has any concern with this.
Our plan for the update of nginx and php is next quarter.
------------------------------
SANKET RATHI
------------------------------