My security team is asking me to tell them what version of Open SSL we're using in the load balancer.
How can I find that?
On the download site for the NSX version in question on my.vmware.com there'll be an "open source" tab that you can select and there you'll find a .txt file that lists all the open source software/licenses used in NSX (including OpenSSL and the applicable version).
That did it. Thanks!
HI this can be helpful for you and I believe is more than accurate answer to your question
"3rd Party Hardware / Software products for NSX
Cryptographic Functionality:
NSX uses the following cryptographic modules when in FIPS mode:
In NSX 6.4.0 Release:
• OpenSSL 1.0.2n (VMware OpenSSL FIPS Object Module 2.9), BouncyCastle FIPS 1.0.0,
Linux Kernel v4.4 (NSX OS 4.4), Apple OS X CoreCrypto Module v5.0
Prior to NSX 6.4.0 Release:
• OpenSSL 1.0.2(p to l), BouncyCastle FIPS 1.0.0, Mozilla NSS 3.23 (VMware NSS
Cryptographic Module 3.23), Linux Kernel (v3.13 and 3.14), Apple OS X CoreCrypto
Module v5.0
Different version of OpenSSL version were used prior to 6.4.0 release. Latest version in NSX
6.2 SW release train is 6.2.9, which uses 1.0.2j. Similarly, latest version in NSX 6.3 SW
release train is 6.3.5 which uses OpenSSL version 1.0.2l.
VIX communication uses older version of OpenSSL so it is not allowed when FIPS mode is
enabled.
OpenSSL, Mozilla NSS, and Linux crypto routines are configured to use Intel AES-NI when it
is available. AES-NI is an extended set of functionality available on certain Intel and AMD
processors, which allows offloading some cryptographic operations from software to the
processor.
All crypto, except Apple CoreCrypto are open-source components, primarily maintained by
non- profit foundations. Although VMware has support agreements, commercial licenses
are not required in order to use these components."
Regards Dmitri
Where do you find that information Dmitri?
Hi ,
if answer is Ok for you , can you please mark it as helpful or something like that just to close the loop.
Regards Dmitri