OpenEdge 12.0 includes the following security updates.

Spring Security updates

In OpenEdge 12.0, bcrypt is the default and only supported hashing algorithm for encrypting passwords using the GENSPRINGPWD utility. The previously supported algorithms (sha256, sha512, and sha1) are discontinued because of their known weaknesses.

For details, see Generate encrypted passwords with GENSPRINGPWD.
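Assuming GENSPRINGPWD emits Spring Security's bcrypt format (`$2a$<cost>$<salt+digest>`, optionally prefixed with the `{bcrypt}` encoder id), the following is an added audit script, not OpenEdge's own code, that scans a constructed properties sample for password values still stored in the discontinued sha formats or with a low bcrypt cost. The `.password` key suffix and the cost floor of 10 are assumptions.

```python
import re

# Spring Security-style bcrypt hash: optional "{bcrypt}" encoder id, then the
# Modular Crypt Format string: $2a|$2b|$2y, two-digit cost, 22-char salt, 31-char digest.
BCRYPT_RE = re.compile(r"^(?:\{bcrypt\})?\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Bare hex digests of the discontinued algorithms (unsalted, no work factor).
LEGACY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}
ENCODER_ID_RE = re.compile(r"^\{([^}]+)\}")
MIN_COST = 10  # assumed policy floor; the page does not state GENSPRINGPWD's default cost


def classify(value: str):
    """Classify one stored value as ('bcrypt', cost), ('legacy', algo) or ('unknown', None)."""
    m = BCRYPT_RE.match(value)
    if m:
        return "bcrypt", int(m.group(1))
    m = ENCODER_ID_RE.match(value)
    if m:
        return "legacy", m.group(1).lower()  # any non-bcrypt encoder id, e.g. {sha256}
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in LEGACY_HEX_LEN:
        return "legacy", LEGACY_HEX_LEN[len(value)]
    return "unknown", None


def audit(properties_text: str, min_cost: int = MIN_COST):
    """Return (key, verdict) for every *.password property (the key suffix is an assumption)."""
    findings = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if not key.lower().endswith("password"):
            continue
        kind, detail = classify(value)
        if kind == "bcrypt":
            verdict = "ok" if detail >= min_cost else f"weak-cost:{detail}"
        elif kind == "legacy":
            verdict = f"legacy:{detail}"  # regenerate with GENSPRINGPWD (bcrypt)
        else:
            verdict = "unknown"
        findings.append((key, verdict))
    return findings


# Constructed sample; keys and values are illustrative, not a real oeablSecurity.properties.
SAMPLE = """\
# constructed sample
user.admin.password={bcrypt}$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
user.ops.password=$2a$04$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
user.legacy.password={sha256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
user.old.password=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
"""

if __name__ == "__main__":
    for key, verdict in audit(SAMPLE):
        print(f"{key}: {verdict}")
```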

OpenSSL

In OpenEdge 12.0, transport layer security has been strengthened by upgrading OpenSSL to 1.1.1.

For more information, see Supported protocols, ciphers, and certificates for OpenEdge clients and servers.

SECPROP utility

OpenEdge Release 12.0 introduces the SECPROP utility, which greatly simplifies configuring and managing the security properties defined in the oeablSecurity.properties file of a PAS for OpenEdge web application.

For more information, see SECPROP.

Progress-supplied root certificates

OpenEdge provides several root digital (public-key) certificates from trusted Certificate Authorities for clients and servers that support TLS network connections. These root certificates are shipped as part of OpenEdge and are located in the certs directory within the OpenEdge installation directory.

In release 12.0, the set of root certificates has been updated to include those from the following vendors:

  • DigiCert
  • Entrust
  • Go Daddy
  • GlobalSign
  • GeoTrust
  • Thawte
  • Symantec

For information about managing root certificates in the OpenEdge keystore, see Manage certificate stores for OpenEdge clients and servers.