Skip to Content
0
Nov 30, 2022 at 11:23 PM

Crystal reports runtime uses unsupported version of OpenSSL

269 Views Last edit Dec 06, 2022 at 01:57 PM 2 rev

A customer of ours is an air force base in the U.S. They installed the most recent version of crystal reports runtime.

They ran a scan on all the .dll's used to ensure they meet their security requirements. The scan indicated some files are using older, no longer supported versions, of OpenSSL. You can clearly see this when you right click the file and view properties. You will see the version is OpenSSL Shared Library 1.0.2x . The OpenSSL website indicates they no longer support this version as of Jan 2020. These are the files in question:

c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libeaym32.dll

c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\ssleaym32.dll

Our customer will not use Crystal Reports unless they are provided proof that SAP has an extended support agreement with OpenSSL.org for version 1.0.2x

1) Does SAP have an extended support agreement with OpenSSL.org for version 1.0.2x and can you provide that proof so I can share it with our customer?

2) If that is not possible, does SAP have other version(s) of Crystal Reports runtime you are actively supporting that either do not use OpenSSL at all, or use a supported version of OpenSSL?

3) If that is not possible, when does SAP intend to offer a new version of the runtime with a version of OpenSSL that OpenSSL.org does support?