Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Security scan flags OpenSSL/0.9.8za as security risk


    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care



    In doing security scans on our Aleph website, our IT department flagged OpenSSL as being a security risk. The version we run is OpenSSL/0.9.8za 

    The suggestion is that this software be upgraded to version 1.1.0 or better. 



    Aleph V22 and V23 support openssl-1.0.2k. Updating of OpenSSL occurs as part of "Download the Third-Party Product Updates (util SP 6)" of the Service Pack.  (It seems that this was not done as part of the most recent Service Pack application.)

    Downloading of the Third-Party Product Updates included openssl-1.0.2k, which has met the site's security requirements.

    See also the article:  Determine Version of OpenSSL Software used by an Ex Libris Product .


    • Article last edited: 28-Mar-2018