Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
general:openssl3 [2022/11/01 18:34] emrgeneral:openssl3 [2024/02/15 00:00] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Stages and OpenSSL 3.x Vulnerability CVE-2022-3358 ====== +====== Stages and OpenSSL 3.x Vulnerabilities CVE-2022-3602, CVE-2022-3786 ======
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.</font> +
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>On premise Stages installations are not impacted, unless all of the following conditions apply:</font>+
  
-  - +The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted. 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line.</font> + 
-  +On premise Stages installations are not impactedunless the following conditions apply: 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL usage is explicitly enabled by removing the comments around</font>  \\ + 
- <font 11pt/Consolas;;black;;inherit><!– <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> ></font  \\ +  * OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line. 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>in …/conf/server.xmlThe default configuration uses the Java SSL implementationwhich is not vulnerable.</font>+  OpenSSL usage is explicitly enabled by configuring an SSL Connector and removing the comments around the following configuration line in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable. 
 + 
 +<code> 
 +<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --> 
 + 
 +</code
 + 
 +If you are using a reverse proxy in front of Stages (e.g. Apache Server)please also check whether it is configured with one of the affected OpenSSL versions (3.0.0-3.0.6) and if this is the caseinstall the newest version.