Genesys Security Pack on UNIX 8.5.x Release Notes
|Release Date||Release Type||Restrictions||AIX||Linux||Solaris||Windows|
This release contains the following new features and enhancements:
- New secure socket layer implementation: The default secure socket layer implementation has been changed to use OpenSSL to facilitate communication in the SSL/TLS protocol suite. This includes the following enhancements:
- Security Pack now supports TLS 1.2.
- Security Pack now uses OpenSSL 1.0.2e.
- The behavior of the sec-protocol option has been enhanced. For details, refer to the Framework Configuration Options Reference Manual.
- More secure default certificate signature algorithm: Security Pack scripts have been changed to use SHA1 by default, with an option to use SHA256. Genesys strongly recommends that SHA256 be used for all new certificate generation. The previous default algorithm, MD5, is considered vulnerable and is not to be used. MD5 signed certificates might not be accepted by modern TLS protocol versions. MD5 signed certificates pose a significant security threat and must be reissued as soon as possible.
- Enhanced logging: To simplify troubleshooting of secure connections, Security Pack 8.5.100.06 or newer offers additional logging of the secure connection establishment phase.
This release contains the following resolved issues:
This release fixes the memory leak in Genesys Security Pack that originated in third-party software used by Genesys Security Pack. The leak was specific to RSA, which is no longer used by Security Pack. (MFWK-16911)
If mutual TLS is configured on both the client and server (tls-mutual=true), the client and server applications now connect properly using TLS. Previously in this scenario, the client application would terminate unexpectedy while trying to connect to the server using mutual TLS. (MFWK-16908)
No special procedure is required to upgrade to release 8.5.100.06.