Does MATLAB R2023a upgrade OpenSSL to address ACAS vulnerabilities?

Question

MathWorks Support Team 2023-12-20

1
链接

此问题的直接链接

https://ww2.mathworks.cn/matlabcentral/answers/2062837-does-matlab-r2023a-upgrade-openssl-to-address-acas-vulnerabilities

编辑： MathWorks Support Team 2024-2-27

In the current configuration of MATLAB R2023a, I have observed some findings on Assured Compliance Assessment Solution (ACAS). ACAS is the mandated enterprise vulnerability scanning tool for networks and components under the ownership or operation of the Department of Defense (DoD). The findings pertain specifically to OpenSSL, a widely used software library for the implementation of the Transport Layer Security (TLS) protocol. Based on these findings, the version of OpenSSL being utilized in MATLAB R2023a appears to be 1.1.1o, and this is the case across multiple platforms, including Linux, Windows, and potentially Mac.

To address potential vulnerabilities, I am wondering if MathWorks has incorporated a more recent version of OpenSSL, specifically version 1.1.1t, in its latest releases or updates. This updated version could potentially mitigate the vulnerabilities associated with the previous versions.

请先登录，再回答此问题。

Answer 1

MathWorks Support Team 2024-2-27

1
链接

此回答的直接链接

https://ww2.mathworks.cn/matlabcentral/answers/2062837-does-matlab-r2023a-upgrade-openssl-to-address-acas-vulnerabilities#answer_1375157

编辑：MathWorks Support Team 2024-2-27

MATLAB R2023b and later releases uses OpenSSL v3 for all products except for Industrial Communication (ICOMM) Toolbox. The ICOMM toolbox continues to utilize an older version of OpenSSL due to downstream dependencies. Note - If you don't use ICOMM toolbox, you may choose to remove it from the MATLAB installation. This is the only MATLAB toolbox that depends on OpenSSL 1.1.1w.