1. Home

Product groups

Support

Open SSL 1.1.1 - WeOnlyDo Discussion board

Open SSL 1.1.1 (General questions)

by Mykola Melnyk, Wednesday, May 12, 2021, 11:01 (753 days ago)

Is there some kind of a deadline when WeOnlyDo ActiveX components start supporting OpenSSL 1.1.1
(interested in SFTP, SSH components)?

locked
  3030 views

Open SSL 1.1.1

by wodSupport, Wednesday, May 12, 2021, 21:25 (753 days ago) @ Mykola Melnyk

Hi.

I'm not really sure why you need OpenSSL 1.1.1 for SSH/SFTP, since those protocols have nothing to do with SSL, so TLS1.3 which is major feature of 1.1.1 doesn't apply to SSH protocol. Can you please elaborate why you need OpenSSL 1.1.1?

As for when it will be supported - as soon as FIPS is available as 'drop in' DLL, as it is now with 1.0.2.

Hope this helps!
Jasmine

locked
  2984 views

Open SSL 1.1.1

by Mykola Melnyk, Thursday, May 13, 2021, 09:58 (752 days ago) @ wodSupport

Thank you for your quick response.

Our concern originates from the known list of vulnerabilities in OpenSSL 1.0.x. Numerous customers of our company prefer to consume products based on OpenSSL 1.1.1 even before FIPS support is provided. Though the best solution is still both OpenSSL 1.1.1 and FIPS in one bucket.
As far as we access OpenSSL functionalities mainly through WeOnlyDo libraries that's the reason why I raise the issue.

Thank you

locked
  2964 views

Open SSL 1.1.1

by wodSupport, Thursday, May 13, 2021, 09:59 (752 days ago) @ Mykola Melnyk

Mykola,

hi. Can you point to the list of vulnerability that concern crypto algorithms that are used, not the SSL/TLS layer itself which we don't use? If it's something to be fixed ASAP we'll be happy to know about it.

We'lre also for 1.1.1 (in other products mainly) but FIPS is more important at this time.

Jasmine

locked
  2989 views

Open SSL 1.1.1

by Mykola Melnyk, Thursday, May 13, 2021, 15:44 (752 days ago) @ wodSupport

The first one I have handy:
https://nvd.nist.gov/vuln/detail/CVE-2019-1552

locked
  2981 views

Open SSL 1.1.1

by wodSupport, Thursday, May 13, 2021, 16:03 (752 days ago) @ Mykola Melnyk

Hi.

But, that is for TLS protocol. We don't implement or use SSL/TLS in SSH protocol. We use only OpenSSL's crypto libraries. This doesn't apply in any way to SSH protocol.

Jasmine

locked
  2971 views

Thank you very much for the rapid responses. I was a little nervous about dealing with a company that is on a different continent from me. You have proven my concerns to be unfounded.

Robert Pacheco
Surebridge, Inc.

...not only that you provide these components at very reasonable cost, your responsiveness to emailed technical questions is simply outstanding...

Michael Thomas
ClownRed Media

May I say how nice it is to work with components so complete and self-explanatory that using them in my application is as instinctive as though I wrote them myself?

Michael Barnett
Full Spectrum Telecommunications

Your component works really great. With minor effort I have been able to convert my delphi application...

Gilles Hache
Cisco Systems Inc.

...your service has been phenomenal. It's always quick and you are there when I need you.

James Newman
Castleberry Investments

...with a minimum of effort as the DLL interface was written with such simplicity...

Zack Menendez
Mapframe Corporation

...what I really like is that wodSSH and wodSFTP components work excellently and are constantly being improved...

Steven Jones
SABIEN project

May I say how nice it is to work with components so complete and self-explanatory that using them in my application is as instinctive as though I wrote them myself?

Michael Barnett
Full Spectrum Telecommunications

Your .NET components allow us to blend .NET technology seamlessly with secure communication, and with excellent technical support.

Bil Bragg
Dionach

Just thought you'd like to know that my gateway app with your SMTP Server component held the line against a DDOS attack today...

Chris Langsenkamp
Clever Technologies