The following Synergy/DE features require OpenSSL. Before installing OpenSSL, consult the documentation pertaining to the feature you plan to use for additional details and information on any environment variables or paths you need to set.
- Synergy HTTP Document Transport API to send and receive documents via HTTPS
- Data encryption for encrypting data at the application level
- Client/server encryption with xfServer or xfServerPlus. For xfServer, see Using client/server encryption. For xfServerPlus, see Using xfServerPlus encryption.
- Data packet encryption with SQL OpenNet
Synergy/DE 11.1 supports OpenSSL versions 1.0.2.x and 1.1.1x. We recommend version 1.1.1 because OpenSSL 1.0.2 reached end of life in December 2019, which means 1.1.1 is required to get security patches. If your application has security compliance requirements and you use SSL, Synergy/DE 11.1 is considered a mandatory security update; OpenSSL 1.1.1 is not supported on earlier versions of Synergy.
We recommend version 1.1.1a (or a later 1.1.1x build) because the original 1.1.1 release includes a bug that may cause an “internal error” if the CA file (pem file) is larger than 16K. Synergex has seen this bug when using the HTTP document transport API, but it may affect encryption in other products.
Go to https://slproweb.com/products/Win32OpenSSL.html and download the “light” version that matches the bitness of your system, and then unpack the download.
- For 1.1.1x , the download will include two libraries: libcrypto-1_1.dll and libssl-1_1.dll for 32-bit or libcrypto-1_1-x64.dll and libssl-1_1-x64.dll for 64-bit. There will also be a number of other files.
- For 1.0.2.x, the download will include two libraries, libeay32.dll and ssleay32.dll, along with a number of other files. (These library files are named with “32” for both the 32-bit and 64-bit versions of OpenSSL.)
For both 32-bit and 64-bit traditional Synergy, you must copy the libraries to the corresponding 32-bit or 64-bit SynergyDE\dbl\bin directory.
For SQL OpenNet, you must in addition copy the libraries to the corresponding 32-bit or 64-bit SynergyDE\connect directory.
For Synergy .NET, if DBLDIR is set, Synergy will look in the \bin directory under the DBLDIR directory for the OpenSSL DLLs. If DBLDIR is not set or the libraries are not found there, the default DLL look-up path for Windows is used (PATH, then current directory). We do not recommend putting OpenSSL DLLs in the path, as there may be more than one instance of the OpenSSL DLL in the path and you can't have both 32- and 64-bit. Instead, if DBLDIR is not set, we recommend putting the OpenSSL DLLs in the same directory as your assembly and adding a manifest to ensure loading of the correct DLL.
For ClickOnce deployment, OpenSSL must already be installed on the target machine; you cannot install the OpenSSL libraries via ClickOnce.
For Synergy/DE 11.1, you should use the version of OpenSSL that comes from the vendor and is specific to your UNIX platform and version. The OpenSSL shared libraries required by Synergy/DE are libcrypto.so.#.#.# and libssl.so.#.#.#, where #.#.# is the version number, e.g., 1.0.1. You can run the dltest utility to verify OpenSSL is installed correctly.
- For HP-UX, use version 1.0.*x.
- For IBM AIX, use the version installed with the operating system. It must be at least 1.0.2r. You can verify your version using the command “openssl version”. If you don’t have the correct version, you can download it from IBM at https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp. You'll need to log in with a valid username and password.
- For Linux, use the version installed with the operating system. It should be at least 1.0.*x. (Version 1.1.1 is also supported. We recommend using 1.1.1a [or a later 1.1.1x build] because of the bug described in the note in the Windows section above.)
- For Solaris 11, install the latest version 1.0.*x from Oracle.
Synergy/DE 11.1 supports HPE SSL1 version 1.0-2C and higher as well as SSL111 version 1.1.1b. HPE SSL1 requires HP OpenVMS 8.4 or higher or VSI Alpha OpenVMS 8.4-2L1 or higher. SSL111 is available only on VSI OpenVMS.
Connectivity Series supports HPE SSL1 version 1.0-2C and higher. The runtime support file is VTXSSL.EXE.
For OpenVMS, you must use the operating system-supplied libraries, which are available from VMS Software Inc. Contact VSI for more information, https://vmssoftware.com.