Does MATLAB R2023a upgrade OpenSSL to address ACAS vulnerabilities?

Question

MathWorks Support Team el 20 de Dic. de 2023

1
Enlazar

Enlace directo a esta pregunta

https://es.mathworks.com/matlabcentral/answers/2062837-does-matlab-r2023a-upgrade-openssl-to-address-acas-vulnerabilities

Editada: MathWorks Support Team el 27 de Feb. de 2024

Respuesta aceptada: MathWorks Support Team

In the current configuration of MATLAB R2023a, I have observed some findings on Assured Compliance Assessment Solution (ACAS). ACAS is the mandated enterprise vulnerability scanning tool for networks and components under the ownership or operation of the Department of Defense (DoD). The findings pertain specifically to OpenSSL, a widely used software library for the implementation of the Transport Layer Security (TLS) protocol. Based on these findings, the version of OpenSSL being utilized in MATLAB R2023a appears to be 1.1.1o, and this is the case across multiple platforms, including Linux, Windows, and potentially Mac.

To address potential vulnerabilities, I am wondering if MathWorks has incorporated a more recent version of OpenSSL, specifically version 1.1.1t, in its latest releases or updates. This updated version could potentially mitigate the vulnerabilities associated with the previous versions.

Iniciar sesión para responder a esta pregunta.

Answer 1

MathWorks Support Team el 27 de Feb. de 2024

1
Enlazar

Enlace directo a esta respuesta

https://es.mathworks.com/matlabcentral/answers/2062837-does-matlab-r2023a-upgrade-openssl-to-address-acas-vulnerabilities#answer_1375157

Editada: MathWorks Support Team el 27 de Feb. de 2024

MATLAB R2023b and later releases uses OpenSSL v3 for all products except for Industrial Communication (ICOMM) Toolbox. The ICOMM toolbox continues to utilize an older version of OpenSSL due to downstream dependencies. Note - If you don't use ICOMM toolbox, you may choose to remove it from the MATLAB installation. This is the only MATLAB toolbox that depends on OpenSSL 1.1.1w.