cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What Version of OpenSSL is part of your latest release of FlexNet Embedded?

What Version of OpenSSL is part of your latest release of FlexNet Embedded?

Summary

What Version of OpenSSL is part of your latest release of FlexNet Embedded?

Question

What Version of OpenSSL is part of your latest release of FlexNet Embedded?

Answer

This is covered in the disclosure documentation included with each release under the Product and License Center.

For example, the version of OpenSSL used in FNE 2014 R2 (2014.09) is 1.0.1h. FNE 2017 R1 is on 1.0.2j.

Additional Information

In February, 2017, OpenSSL released security patch "OpenSSL version 1.1.0e"
https://www.us-cert.gov/ncas/current-activity/2017/02/16/OpenSSL-Releases-Security-Update

However, please note that 1.0.2 is not effected by this issue, as seen below.

OpenSSL Security Advisory [16 Feb 2017]
========================================

Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
====================================================

Severity: High

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0e

This issue does not affect OpenSSL version 1.0.2.
Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Nov 12, 2018 09:31 PM
Updated by: