8.5.100.30

What's New

This release contains the following new features and enhancements:

• The Genesys Security Pack now uses OpenSSL version 3.0.8 for Linux operating system. On Linux platforms, using the FIPS library requires the following steps for OpenSSL 3.0 versions:

  1. Run the fipsinstall.sh script provided in the fips140_lib64 directory. This runs the FIPS module self-test and generates proper OpenSSL configuration files which are mandatory for using the FIPS module.
  2. Set both the LD_LIBRARY_PATH and OPENSSL_MODULES environment variables to <install directory>/fips140_lib64 and OPENSSL_CONF variable to <install directory>/fips140_lib64/openssl.cnf, as shown in the following example script:

    /usr/local/GCTI/gsecurity/fips140_libs64-$ bash fipsinstall.sh
    ...
    INSTALL PASSED
    For using FIPS security module set the following environment variables:
      LD_LIBRARY_PATH=/usr/local/GCTI/gsecurity/fips140_libs64
      OPENSSL_MODULES=/usr/local/GCTI/gsecurity/fips140_libs64
      OPENSSL_CONF=/usr/local/GCTI/gsecurity/fips140_libs64/openssl.cnf

Note: The master OpenSSL configuration file (openssl.cnf) configured in OPENSSL_CONF is not included in the installation package but it is generated dynamically by the fipsinstall.sh script along with the fipsmodule.cnf configuration for FIPS. (MFWK-24234)

Resolved Issues

This release contains the following resolved issues:

Security Pack now allows adjusting the cipher list when using TLS 1.3. Use the newly added option ciphersuites in connection parameters to configure ciphers for TLSv1.3.

For more details on the option and its supported values, see Tuning Available Cipher Lists for TLS v1.3. (MFWK-23926)

Upgrade Notes

No special procedure is required to upgrade to release 8.5.100.30.