Does MATLAB R2023a upgrade OpenSSL to address ACAS vulnerabilities?
19 views (last 30 days)
Show older comments
MathWorks Support Team
on 20 Dec 2023
Edited: MathWorks Support Team
on 27 Feb 2024
In the current configuration of MATLAB R2023a, I have observed some findings on Assured Compliance Assessment Solution (ACAS). ACAS is the mandated enterprise vulnerability scanning tool for networks and components under the ownership or operation of the Department of Defense (DoD). The findings pertain specifically to OpenSSL, a widely used software library for the implementation of the Transport Layer Security (TLS) protocol. Based on these findings, the version of OpenSSL being utilized in MATLAB R2023a appears to be 1.1.1o, and this is the case across multiple platforms, including Linux, Windows, and potentially Mac.
To address potential vulnerabilities, I am wondering if MathWorks has incorporated a more recent version of OpenSSL, specifically version 1.1.1t, in its latest releases or updates. This updated version could potentially mitigate the vulnerabilities associated with the previous versions.
Accepted Answer
MathWorks Support Team
on 27 Feb 2024
Edited: MathWorks Support Team
on 27 Feb 2024
MATLAB R2023b and later releases uses OpenSSL v3 for all products except for Industrial Communication (ICOMM) Toolbox. The ICOMM toolbox continues to utilize an older version of OpenSSL due to downstream dependencies. Note - If you don't use ICOMM toolbox, you may choose to remove it from the MATLAB installation. This is the only MATLAB toolbox that depends on OpenSSL 1.1.1w.
0 Comments
More Answers (0)
See Also
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!