It may be necessary to verify the version of OpenSSL running on the SiteMinder Access Gateway to ensure that it is not a version listed in a published CVE.
Alternatively, if the version was found to be vulnerable and OpenSSL on the SiteMinder Access Gateway has since been upgraded, it is necessary to verify that the system now reports the version you upgraded to.
Upgrades of OpenSSL and other third-party components are delivered as packages through officially released KB articles from Broadcom. Do not download and upgrade OpenSSL outside of a Broadcom KB article published by the SiteMinder team.
PRODUCT: Symantec Siteminder
COMPONENT: Access Gateway
RELEASE: 12.8.x
LINUX
1) Log on to the Access Gateway host.
2) Browse to the SiteMinder Access Gateway directory
<Install_Dir>/CA/siteminder/secure-proxy/SSL/bin
3) Set the Access Gateway environment variables
$ . ./ca_sps_env.sh
4) Browse to the OpenSSL directory within the Access Gateway directory
$ cd SSL/bin
5) Set the OpenSSL environment variable
$ export OPENSSL_CONF=./openssl.cnf
6) Verify the version of OpenSSL
$ openssl version
The version (similar to the following) should be displayed:
OpenSSL 1.0.2k-fips 26 Jan 2017
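The following is an added example, not part of the Broadcom procedure: a small POSIX shell helper that parses the line printed in step 6 and compares it with a required minimum release, including the letter suffixes used by the 1.0.2 series. The function names and the minimum release "1.0.2u" are assumptions made for illustration; substitute the release named in the KB article you applied.

```shell
#!/bin/sh
# Added example: compare `openssl version` output with a required minimum release.

# Extract the release token, e.g. "1.0.2k" from "OpenSSL 1.0.2k-fips 26 Jan 2017".
parse_openssl_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p'
}

# Turn "1.0.2k" into the sortable key "001.000.002.1.k".
# Letter releases order as none < a..z < za..zz, so the suffix length is
# placed before the letters themselves.
version_key() {
    nums=$(printf '%s' "$1" | sed 's/[a-z]*$//')
    sfx=$(printf '%s' "$1" | sed 's/^[0-9.]*//')
    old_ifs=$IFS; IFS=.
    set -- $nums            # split "1.0.2" into $1 $2 $3
    IFS=$old_ifs
    printf '%03d.%03d.%03d.%d.%s\n' "$1" "$2" "$3" "${#sfx}" "$sfx"
}

# Exit status 0 when release $1 is at or above release $2.
openssl_at_least() {
    have=$(version_key "$1")
    want=$(version_key "$2")
    lowest=$(printf '%s\n%s\n' "$have" "$want" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$want" ]
}

# Classify one line of `openssl version` output against a minimum release.
check_openssl_line() {
    rel=$(parse_openssl_version "$1")
    [ -n "$rel" ] || { echo "UNPARSED"; return 2; }
    if openssl_at_least "$rel" "$2"; then
        echo "OK $rel"
    else
        echo "BELOW $rel"; return 1
    fi
}

# Sample line taken from the page; "1.0.2u" is a constructed minimum standing
# in for the release named in the KB article you applied.
check_openssl_line "OpenSSL 1.0.2k-fips 26 Jan 2017" "1.0.2u" || true
```

On the gateway, after step 6, call check_openssl_line "$(openssl version)" with the KB release as the second argument; a non-zero exit status means the reported release is older than required or the output was not recognised.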
WINDOWS
1) Log on to the Access Gateway host.
2) Open a command prompt with elevated privileges (Run as Administrator).
3) Browse to the 'SSL/bin' directory for Access Gateway
Default: "C:\Program Files\CA\siteminder\secure-proxy\SSL\bin\"
Example:
cd \Program Files\CA\siteminder\secure-proxy\SSL\bin
4) Verify the version of OpenSSL
openssl version
The version (similar to the following) should be displayed:
OpenSSL 1.0.2k-fips 26 Jan 2017