A customer of ours is an Air Force base in the U.S. They installed the most recent version of the Crystal Reports runtime.
They ran a scan on all the .dlls used to ensure they meet their security requirements. The scan indicated some files are using older, no longer supported versions of OpenSSL. You can clearly see this when you right-click the file and view properties. You will see the version is OpenSSL Shared Library 1.0.2x. The OpenSSL website indicates they no longer support this version as of Jan 2020. These are the files in question:
c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libeaym32.dll
c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\ssleaym32.dll
Our customer will not use Crystal Reports unless they are provided proof that SAP has an extended support agreement with OpenSSL.org for version 1.0.2x.
1) Does SAP have an extended support agreement with OpenSSL.org for version 1.0.2x and can you provide that proof so I can share it with our customer?
2) If that is not possible, does SAP have other version(s) of Crystal Reports runtime you are actively supporting that either do not use OpenSSL at all, or use a supported version of OpenSSL?
3) If that is not possible, when does SAP intend to offer a new version of the runtime with a version of OpenSSL that OpenSSL.org does support?
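
A way to repeat the scanner's finding across an install tree, as an added example that is not part of the original post or any SAP tooling: OpenSSL libraries carry a version banner in the binary itself, so this inventories every .dll that has one and flags the 1.0.2 branch named above. The function names are hypothetical and the sample bytes and build date are constructed.

```python
import re
from pathlib import Path

# OpenSSL builds embed a banner of the form b"OpenSSL <version>  <dd Mon yyyy>".
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)(?:-fips)?\s+(\d{1,2} [A-Z][a-z]{2} \d{4})")

# Constructed sample: a few bytes of a fake DLL carrying the version from the post
# (the build date is made up for the example).
SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"OpenSSL 1.0.2x  01 Jan 2000\x00"

def openssl_banners(data: bytes):
    """Return sorted unique (version, build_date) pairs found in a binary image."""
    return sorted({(m.group(1).decode(), m.group(2).decode())
                   for m in BANNER.finditer(data)})

def on_branch(version: str, branch: str) -> bool:
    """True for the branch itself or a letter release of it (1.0.2, 1.0.2x)."""
    suffix = version[len(branch):]
    return version == branch or (version.startswith(branch) and suffix.isalpha())

def scan_tree(root, unsupported=("1.0.2",), patterns=("*.dll",)):
    """Walk root and report every matching file that carries an OpenSSL banner."""
    findings = []
    for pattern in patterns:
        for path in sorted(Path(root).rglob(pattern)):
            try:
                data = path.read_bytes()
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the scan
            for version, built in openssl_banners(data):
                findings.append({
                    "file": str(path),
                    "version": version,
                    "built": built,
                    "unsupported": any(on_branch(version, b) for b in unsupported),
                })
    return findings

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # pass the runtime's install directory as the argument
        for f in scan_tree(sys.argv[1]):
            flag = "UNSUPPORTED" if f["unsupported"] else "ok"
            print(f'{flag:11} {f["version"]:8} {f["built"]:12} {f["file"]}')
    else:
        print(openssl_banners(SAMPLE))
```

A statically linked copy of OpenSSL shows up the same way, which the file-properties view would not reveal; a library with the banner stripped will be missed.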