Differences

This shows you the differences between two versions of the page.

general:openssl3 [2022/11/01 18:32] – created emr
general:openssl3 [2024/02/15 00:00] (current) – external edit 127.0.0.1
Line 1: Line 1:
-Stages and OpenSSL 3.x Vulnerability CVE-2022-3358 +====== Stages and OpenSSL 3.x Vulnerabilities CVE-2022-3602CVE-2022-3786 ====== 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.</font> + 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>On premise Stages installations are not impacted, unless all of the following conditions apply:</font> +The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted. 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>1. OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line.</font> + 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>2. OpenSSL usage is explicitly enabled by removing the comments around</font> +On premise Stages installations are not impacted, unless the following conditions apply: 
- <font 11pt/Consolas;;black;;inherit><!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --></font+ 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>in …/conf/server.xml The default configuration uses the Java SSL implementationwhich is not vulnerable.</font>+  * OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line. 
 +  OpenSSL usage is explicitly enabled by configuring an SSL Connector and removing the comments around the following configuration line in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable. 
 + 
 +<code> 
 +<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --> 
 + 
 +</code
 + 
 +If you are using a reverse proxy in front of Stages (e.g. Apache Server)please also check whether it is configured with one of the affected OpenSSL versions (3.0.0-3.0.6) and if this is the caseinstall the newest version.
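
Review bot: The added sentence "On premise Stages installations are not impacted, unless the following conditions apply:" drops the word "all" that the removed line had, so a reader can no longer tell whether both bullets must hold or either one is enough; restore "unless all of the following conditions apply". The first added bullet gives the affected range as "3.0.0 - 3.0.is", while the added reverse proxy paragraph states "3.0.0-3.0.6"; spell out the same upper bound in both places so that an administrator comparing the output of "openssl version" has one unambiguous range to check against. The second condition is missing the "  *" list marker that the first one carries, and the new heading runs the two CVE ids together as "CVE-2022-3602CVE-2022-3786"; add the marker and a separator between the ids.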