Upgrade OpenSSL file used by Performance Center 11.5x to version 1.0.1j (hotfix for POODLE vulnerability)

  • KM01374036
  • 28-Jan-2015
  • 29-Jul-2016

Summary

An industry-wide vulnerability affecting the SSL 3.0 protocol has been discovered (a.k.a POODLE). While Performance Center does not use the SSL 3.0 protocol, it may still be affected by the proxy of the third party implementation of that protocol.

Question

A vulnerability in SSL 3.0 could allow information disclosure (a.k.a POODLE).
The vulnerability is in the protocol and is not specific to the implementation. Therefore, any implementation of the protocol is affected.
For more details on the vulnerability, see https://www.openssl.org/news/secadv_20141015.txt.

Performance Center does not use the SSL 3.0 protocol.
However, since any implementation of the protocol is affected, all versions of Performance Center may be affected by proxy of the OpenSSL and the Windows operating system implementation of the protocol.
 
For more details on the related implementations:
OpenSSL - https://www.openssl.org/~bodo/ssl-poodle.pdf
Microsoft’s Windows - https://technet.microsoft.com/en-us/library/security/3009008.aspx

Answer

To remove the vulnerability completely, the SSL 3.0 protocol must be disabled in all the relevant implementations used by or affecting Performance Center. The following list provides information on the fixes for the different areas that may be affected:
 
 
 
  • ALM Server – Follow the details in the ALM’s knowledge base article KM01250751.