OpenSSL 1.0.2.y (and older) Vulnerability on Access Gateway


Article ID: 211470


Updated On:




Siteminder Access Gateway includes OpenSSL 1.0.2 with the installation.  The following is a list of OpenSSL versions by Siteminder Access Gateway version:

r12.8.1: OpenSSL 1.0.2q

r12.8.2: OpenSSL 1.0.2q

r12.8.3: OpenSSL 1.0.2r

r12.8.4: OpenSSL 1.0.2u

r12.8.5: OpenSSL 1.0.2x


Each of these OpenSSL versions has published vulnerabilities, and later OpenSSL versions have been published that remediate them.



Release : 12.8.x

Component : SITEMINDER Access Gateway Server.


Review the release notes to check whether a GA release in r12.8.6 or higher fixes this issue.

Siteminder r12.8.x Release Notes (Defects Fixed in Service Packs):

OpenSSL 1.0.2za was released under Broadcom defect DE513332.

Attached to this KB is OpenSSL 1.0.2za for Access Gateway on Linux and Windows.  This is a standalone upgrade of OpenSSL that is supported on any supported version of Siteminder Access Gateway.  While the OpenSSL upgrade package is specific to Windows or Unix OS, it is applicable to all versions of either Windows or Linux.  


Additional Information

Follow these steps to upgrade OpenSSL on Access Gateway to 1.0.2za

   OpenSSL 1.0.2za  Linux Installation Instructions


1) Copy "" to the Access Gateway Server

2) Unzip ""


3) Stop the Access Gateway Server.

4) Navigate to the '<InstallDir>/CA/secure-proxy' directory.

5) Note the permissions on the '<InstallDir>/CA/secure-proxy/SSL/' directory.

6) Backup the '<InstallDir>/CA/secure-proxy/SSL/' directory.

7) Copy '/1.0.2za_linux64bit/Release/bin/openssl' to the '/<InstallDir>/CA/secure-proxy/SSL/bin/' directory.

cp -r /1.0.2za_linux64bit/Release/bin/openssl /<InstallDir>/CA/secure-proxy/SSL/bin/openssl

8) Copy the library files from '/1.0.2za_linux64bit/Release/lib/' to the '/<InstallDir>/CA/secure-proxy/SSL/lib/' directory.

cp -r /Release_openssl102za_linux64/Release/lib/lib* /<InstallDir>/CA/secure-proxy/SSL/lib/

9) Re-set the permissions on the copied files.

10) Re-source the environment variables:

. ./

11) Re-start the Access Gateway.

./proxy-engine/sps-ctl start
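
Steps 5 to 9 of the Linux procedure, with the "note" and "re-set the permissions" steps made concrete and a version check before and after. This is an added example, not Broadcom's installer: the function names and backup naming are assumptions, and it expects GNU `stat` and `cp`.

```sh
#!/bin/sh
# Added example: Linux steps 5-9 (note permissions, back up, copy, re-set
# permissions) plus a version check. Function names are hypothetical.
set -eu

# Step 5: record mode and numeric owner:group of everything under DIR.
snapshot_perms() {  # snapshot_perms DIR OUTFILE
    ( cd "$1" && find . -exec stat -c '%a %u:%g %n' {} + ) > "$2"
}

# Step 9: re-apply the recorded modes and owners to paths that still exist.
restore_perms() {   # restore_perms DIR SNAPSHOT
    while read -r rp_mode rp_owner rp_path; do
        [ -e "$1/$rp_path" ] || continue
        chmod "$rp_mode" "$1/$rp_path"
        chown "$rp_owner" "$1/$rp_path" 2>/dev/null || true  # needs root if owner differs
    done < "$2"
}

# Version token printed by the gateway's own binary, run against its own libs.
installed_version() {  # installed_version SSL_DIR
    LD_LIBRARY_PATH="$1/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
        "$1/bin/openssl" version | awk '{print $2}'
}

# Steps 5-9. RELEASE_DIR is the unzipped package's Release directory and
# SSL_DIR is <InstallDir>/CA/secure-proxy/SSL. Prints the backup location.
upgrade_openssl() {    # upgrade_openssl RELEASE_DIR SSL_DIR
    uo_rel=${1%/} uo_ssl=${2%/}
    uo_bak="$uo_ssl.bak.$(date +%Y%m%d%H%M%S)"
    snapshot_perms "$uo_ssl" "$uo_bak.perms"            # step 5
    cp -a "$uo_ssl" "$uo_bak"                           # step 6, keeps modes/owners
    cp "$uo_rel/bin/openssl" "$uo_ssl/bin/openssl"      # step 7
    cp -r "$uo_rel"/lib/lib* "$uo_ssl/lib/"             # step 8
    restore_perms "$uo_ssl" "$uo_bak.perms"             # step 9
    echo "$uo_bak"
}

# Run only when called with both paths, after the gateway is stopped (step 3).
if [ "$#" -eq 2 ]; then
    echo "before: $(installed_version "$2")"
    upgrade_openssl "$1" "$2"
    echo "after:  $(installed_version "$2")  (expected 1.0.2za)"
fi
```

If the "after" version is not 1.0.2za, the backup directory and its `.perms` snapshot printed by the script are what you restore from.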

   OpenSSL 1.0.2za Windows Installation Instructions

1) Stop the Access Gateway server

2) Browse to the "<Install_Dir>\CA\secure-proxy\SSL\bin\" directory in Access Gateway

Default: C:\Program Files\CA\secure-proxy\SSL\

3) Back-up the following files:


4) Replace with the files from ""

5) Browse to the "<Install_Dir>\CA\secure-proxy\HTTPD\bin\" directory in Access Gateway

Default: C:\Program Files\CA\secure-proxy\HTTPD\

6) Back-up the following files:


7) Replace with the files from ""

8) Start the Access Gateway server
