Co-requisite APARs PJ45794 and PJ45842, which provide support for OpenSSL 1.1.1b, are available. OpenSSL 1.1.1b is part of the 1.1.1 series of releases for OpenSSL, which is the latest stable version. OpenSSL 1.0.2.j is no longer supported with the z/TPF system.
An additional open source APAR PJ45904 has been delivered, which provides the updated libCurl package to support OpenSSL 1.1.1b. All of the OpenSSL APARs PJ45794, PJ45842 and PJ45904 must be applied together.
OpenSSL 1.1.1b also requires an updated version of OpenLDAP on the z/TPF system. OpenSSL version 1.1.1b requires that the version of OpenLDAP be upgraded to 2.4.48. If OPENLDAP=YES is configured by the CONFIG SIP macro, the current supported OpenLDAP version 2.4.37 will no longer compile or function. If you use z/TPF support for OpenLDAP, install the latest OpenLDAP version 2.4.48 before you install the OpenSSL APARs.
The latest TLS version 1.3 is not enabled in OpenSSL 1.1.1b on z/TPF. The same TLS versions (TLSv1, TLSv1_1 and TLSv1_2) that are supported in OpenSSL 1.0.2j are the same versions that are supported in OpenSSL 1.1.1b.
There are no new cipher algorithms supported in OpenSSL 1.1.1b. The only change in the supported ciphers is that the DES-CBC-SHA cipher algorithm is no longer supported in OpenSSL 1.1.1b.
There are other migration considerations that need to be considered for OpenSSL 1.1.1b. See the APEDIT for APAR PJ45842 for a detailed description of the migration considerations.
For more information about OpenSSL 1.1.1b see the APEDITs for APARs PJ45794, PJ45842 and PJ45904.