While internet’s heart is bleeding…


D6.7SP1/SP2 uses RSA BSAFE SSL-C 2.4.0 (May 2003!):

~]$ strings documentum | grep SSL-C
SSLv2/3 compatibility part of SSL-C 2.4.0 14-May-2003
TLSv1 part of SSL-C 2.4.0 14-May-2003
SSLv3 part of SSL-C 2.4.0 14-May-2003
SSL-C 2.4.0 14-May-2003
SSLv2 part of SSL-C 2.4.0 14-May-2003
X509 part of SSL-C 2.1.1 26-Sep-2001

D7.1 uses RSA BASE SSL-C 2.8.1 (September 2009!):

RKM]$ strings libkmsvcshlib.so | grep SSL-C
TLSv11 part of SSL-C 2.8.1
TLSv12 part of SSL-C 2.8.1
TLSv1 part of SSL-C 2.8.1
SSLv3 part of SSL-C 2.8.1

Link#1
Link#2

Sarcasm (note double quotes around word secure):

7 thoughts on “While internet’s heart is bleeding…

  1. Andrew, is it mean that besides that Documentum is not exposed Heartbleed it uses very old version of SSL implementation so it could be open to some security vulnerabilities found since that time?

    Like

  2. Pingback: Alternative vision for Documentum security vulnerabilities | Documentum in a (nuts)HELL
  3. >I don’t think they aware of it.

    Sure they don’t. What is the reason to perform code review and security audit? Security is not a vendor problem, customer stores data in Documentum, not EMC, so it’s a customer’s problem.

    Like

  4. Pingback: Q & A. VI | Documentum in a (nuts)HELL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s