Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-23652: Centrify Supportability plan for openssl 1.0.2 - last version that currently supports FIPS

Authentication Service ,  

26 November,19 at 04:38 PM


What is Centrify's plan for supporting OpenSSL 1.0.2, since it is End of Life (EOL) on 31 Dec 2019, but the Centrify agent version (18.11) that is using it, is supported till December 2021 for Standard support customers and December 2023 for Premium support customers?


Since OpenSSL 1.0.x is EOL, it will no longer be maintained by OpenSSL. OpenSSL 1.0.2 is currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. That is why Centrify had to move to OpenSSL 1.1.x in the Centrify Infrastructure Services19.6 release even without FIPS being supporting yet.

The current plan for Centrify supporting OpenSSL 1.0.2, is:
1. If FIPS is needed, then the 19.2 (5.5.3) agent will need to used.  It is using OpenSSL 1.0.2p.  If there is a high impact security fix, Centrify will review it to see if Centrify needs to provide a matching CentrifyDC-openssl package update for the 19.2 release.
2. Centrify is monitoring the OpenSSL 1.1.x updates. When OpenSSL provides FIPS certification, Centrify will evaluate it and update the DirectControl packages accordingly to re-enable FIPS.