OpenEdge 12.0 includes the following security updates.

Spring Security updates

In OpenEdge 12.0, bcrypt is the default and only supported algorithm for hashing passwords with the GENSPRINGPWD utility. The previously supported algorithms (sha256, sha512, and sha1) are discontinued because of their known vulnerabilities.

For details, see Generate encrypted passwords with GENSPRINGPWD.

OpenSSL

In OpenEdge 12.0, transport layer security has been strengthened by upgrading OpenSSL to 1.1.1.

For more information, see Supported protocols, ciphers, and certificates for OpenEdge clients and servers.

SECPROP utility

OpenEdge Release 12.0 introduces the SECPROP utility, which greatly simplifies configuring and managing the security properties of a PAS for OpenEdge web application. These properties are defined in the oeablSecurity.properties file.

For more information, see SECPROP.