Some customers experience problems using the Storage Platform Console when some security products (e.g. VPNs) register the OpenSSL binaries that we use as insecure. However, the Console does not make use of OpenSSL for TLS or any other communication, and as such there is no vulnerability to our customers in this regard.
The Console makes use of OpenSSL in only three files (an executable and two libraries) that are present in the installer package:
- openssl.exe 3.0
The OpenSSL tools kit is used for (a) generating the public and private key pair for the group certificate, (b) generating the signing request for the certificate, and (c) decrypting account encryption keys. In short, these files are only required if you wish to make use of a group certificate.
If you do not wish to make use of a group certificate, you can circumvent the VPN block by simply deleting the three files above. This will not affect the functioning of the Console, although it will make it impossible to generate a group certificate. If you try to generate a group certificate after deleting the OpenSSL files, an error "The system cannot find the file specified" will present.
Should you wish to generate a group certificate, you can simply reinstall the Console, as this will replace the required OpenSSL files.
Please sign in to leave a comment.