What is Centrify's plan for supporting OpenSSL 1.0.2, since it is End of Life (EOL) on 31 Dec 2019, but the Centrify agent version (18.11) that is using it, is supported till December 2021 for Standard support customers and December 2023 for Premium support customers?Answer:
Since OpenSSL 1.0.x is EOL, it will no longer be maintained by OpenSSL. OpenSSL 1.0.2 is currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. That is why Centrify had to move to OpenSSL 1.1.x in the Centrify Infrastructure Services19.6 release even without FIPS being supporting yet.
The current plan for Centrify supporting OpenSSL 1.0.2, is:
1. If FIPS is needed, then the 19.2 (5.5.3) agent will need to used. It is using OpenSSL 1.0.2p. If there is a high impact security fix, Centrify will review it to see if Centrify needs to provide a matching CentrifyDC-openssl package update for the 19.2 release.
2. Centrify is monitoring the OpenSSL 1.1.x updates. When OpenSSL provides FIPS certification, Centrify will evaluate it and update the DirectControl packages accordingly to re-enable FIPS.