Does MATLAB R2023a upgrade OpenSSL to address ACAS vulnerabilities?

26 views (last 30 days)
In the current configuration of MATLAB R2023a, I have observed some findings on Assured Compliance Assessment Solution (ACAS). ACAS is the mandated enterprise vulnerability scanning tool for networks and components under the ownership or operation of the Department of Defense (DoD). The findings pertain specifically to OpenSSL, a widely used software library for the implementation of the Transport Layer Security (TLS) protocol. Based on these findings, the version of OpenSSL being utilized in MATLAB R2023a appears to be 1.1.1o, and this is the case across multiple platforms, including Linux, Windows, and potentially Mac.
To address potential vulnerabilities, I am wondering if MathWorks has incorporated a more recent version of OpenSSL, specifically version 1.1.1t, in its latest releases or updates. This updated version could potentially mitigate the vulnerabilities associated with the previous versions.

Accepted Answer

MathWorks Support Team
MathWorks Support Team on 27 Feb 2024
Edited: MathWorks Support Team on 27 Feb 2024
MATLAB R2023b and later releases uses OpenSSL v3 for all products except for Industrial Communication (ICOMM) Toolbox. The ICOMM toolbox continues to utilize an older version of OpenSSL due to downstream dependencies. Note -  If you don't use ICOMM toolbox, you may choose to remove it from the MATLAB installation. This is the only MATLAB toolbox that depends on OpenSSL 1.1.1w. 

More Answers (0)

Categories

Find more on Image Processing Toolbox in Help Center and File Exchange

Products


Release

R2023a

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!