Do we still use OpenSSL with ITMS version 8.5 and 8.6 respectively?
ITMS 8.x
The answer to this question is both "No" and "Yes".
OpenSSL was used mainly in Apache for our IGW (Internet Gateway).
ITMS version 8.5 and higher no longer uses Apache on our Internet Gateways. See KB 185012 "What has changed in Internet Gateway 8.5 compared to older versions?"
However, we still do use OpenSSL in ITMS 8.5 and 8.6 in a few components as listed below:
The version of OpenSSL we use is a variant of 1.0.2.
In ITMS release 8.7 we started using OpenSSL 3.0..x for the ULM Agent.
For the rest of the components, we'll stay on the 1.0.2 variant which is the latest available.
If you are concerned about recent OpenSSL vulnerabilities, you can check our Security advisories here for recent ones:
https://www.broadcom.com/support/fibre-channel-networking/security-advisories