{"id":19304,"date":"2025-12-23T13:39:04","date_gmt":"2025-12-23T04:39:04","guid":{"rendered":"https:\/\/kohyoung.com\/en\/?p=19304"},"modified":"2025-12-23T14:03:50","modified_gmt":"2025-12-23T05:03:50","slug":"end-of-supporteos-notification-for-openssl-software-components","status":"publish","type":"post","link":"https:\/\/kohyoung.com\/en\/end-of-supporteos-notification-for-openssl-software-components\/","title":{"rendered":"End-of-Support(EOS) Notification for OpenSSL Software Components"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"19304\" class=\"elementor elementor-19304\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b9217d6 elementor-section-full_width elementor-section-height-min-height elementor-section-height-default elementor-section-items-middle\" data-id=\"b9217d6\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6c177ff\" data-id=\"6c177ff\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-54b9790 elementor-widget elementor-widget-text-editor\" data-id=\"54b9790\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Security Notification<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-895dd16 elementor-widget__width-inherit elementor-widget elementor-widget-text-editor\" data-id=\"895dd16\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"p1\">Absolute No.1 Inspection Company<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-60df300 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"60df300\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8185aa1\" data-id=\"8185aa1\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-54a7b76 elementor-widget elementor-widget-spacer\" data-id=\"54a7b76\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ecd6a56 elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"ecd6a56\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-32d17c2\" data-id=\"32d17c2\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-168fe66 elementor-widget elementor-widget-text-editor\" data-id=\"168fe66\" data-element_type=\"widget\" data-settings=\"{&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>End-of-Support(EOS) Notification for OpenSSL Software Components<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4adf947 elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"4adf947\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2b82275\" data-id=\"2b82275\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1b04e8f elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"1b04e8f\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bfcd156 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bfcd156\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b2929a4\" data-id=\"b2929a4\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4538b27 elementor-widget elementor-widget-spacer\" data-id=\"4538b27\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1572857 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1572857\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-47ca071\" data-id=\"47ca071\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4bbb86d elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"4bbb86d\" data-element_type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h4><strong>Effective Date:\u2003Nov 25, 2025<\/strong><br \/><strong>Product:\u2003Geniant Cranial<\/strong><br \/><strong>Component:\u2003OpenSSL 1.1.1u \/ 3.1.0<\/strong><\/h4><h4><br \/><strong>1.\u2002Overview<\/strong><\/h4><p>Koh Young Technology is issuing this Cybersecurity Software Component End-of-Support (EoS) Notification to inform all customers and partners that specific versions of the OpenSSL library\u2014used within the Geniant Cranial product for secure communication\u2014have officially reached End-of-Support (EoS) status as declared by the OpenSSL Project:<\/p><ul><li>OpenSSL 1.1.1u \u2013 End of Support:\u2003September 11, 2023<\/li><li>OpenSSL 3.1.0 \u2013 End of Support:\u2003March 14, 2025<\/li><\/ul><p>These libraries are utilized by Geniant Cranial software to support TLS communication and digital certificate generation for secure PACS (Picture Archiving and Communication System) integration.<\/p><h4><br \/><strong>2.\u2002Affected Scope<\/strong><\/h4><ul><li>Product:\u2003Geniant Cranial<\/li><li>Functionality:\u2003TLS encryption and certificate generation for PACS integration<\/li><li>Impacted Components:<ul><li>tls_client module (TLS handshake layer)<\/li><li>cert_generator module (certificate issuance: CA-based or self-signed)<br \/><br \/><\/li><\/ul><\/li><li>Deployment Context:<ul><li>Deployed within secure, hospital-managed internal networks<\/li><li>Systems are not designed to operate on or expose interfaces to public internet networks<\/li><\/ul><\/li><\/ul><p><br \/>While these elements continue to function as designed, upstream support and future patching for OpenSSL 1.1.1u and 3.1.0 have ended.<\/p><h4><br \/><strong>3.\u2002Risk Assessment<\/strong><\/h4><p>Based on Koh Young Technology\u2019s internal cybersecurity risk assessment and continued monitoring of public vulnerability databases:<\/p><ul><li>Current exposure is assessed as low due to strict internal network segregation<\/li><li>TLS functionality is confined to PACS-specific traffic within secured environments<\/li><li>No active CVEs from the OpenSSL project or CISA KEV affecting these versions have been identified (as of July 2025)<\/li><li>The long-term risk of exploitability is expected to increase as upstream maintenance has ceased<\/li><\/ul><p>Residual Risk Level: Controlled<br \/>Although direct exposure is currently mitigated, Koh Young emphasizes the importance of proactive disclosure in compliance with FDA and international medical cybersecurity best practices.<\/p><h4><br \/><strong>4.\u2002Recommended Actions<\/strong><\/h4><p>At the time of this notice, Koh Young is actively reviewing and validating future software versions that will incorporate a long-term supported OpenSSL release. The official release plan will be shared in a future bulletin.<br \/>We recommend customers:<\/p><ul><li>Confirm that deployed Geniant Cranial systems are operating only within internal hospital networks \u2014 without external or public internet exposure<\/li><li>Use short-term validity certificates (e.g., valid for 1 year) when issuing self-signed certificates<\/li><li>Maintain network firewall isolation between PACS interfaces and broader digital infrastructure<\/li><li>Perform routine cybersecurity reviews of device perimeter configurations<\/li><\/ul><p>\u00a0<\/p><h4><strong>5.\u2002Koh Young Support &amp; Next Steps<\/strong><\/h4><ul><li>Koh Young will continue to provide best-effort technical support to address OpenSSL-related questions in Geniant Cranial systems until an updated version is made available<\/li><li>Koh Young cannot guarantee the release of any patches for OpenSSL 1.1.1u or 3.1.0 under the current codebase<\/li><li>Upon release of a validated, upgraded version, related SBOM files and installation guidance will be provided<\/li><\/ul><p>\u00a0<\/p><h4><strong>6.\u2002Contact<\/strong><\/h4><p><br \/>For technical assistance, upgrade planning, or security communications:<\/p><ul><li>Email:\u2003<a href=\"mailto:productsecurity@kohyoung.com\">productsecurity@kohyoung.com<\/a><\/li><li>Phone:\u2003+1-858-500-5670<\/li><li>Security Portal:\u2003<a href=\"https:\/\/kohyoung.com\/en\/about-pss\/\">https:\/\/kohyoung.com\/en\/about-pss\/<\/a><\/li><\/ul><h4><strong>7.\u2002References<\/strong><\/h4><ul><li>OpenSSL End-of-Life and Support Policy: <a href=\"https:\/\/www.openssl.org\/policies\/releasestrat.html\">https:\/\/www.openssl.org\/policies\/releasestrat.html<\/a><\/li><li>U.S. FDA Final Guidance on Cybersecurity in Medical Devices (June 2025)<\/li><li>IEC 81001-5-1:2022 \u2013 Health Software and Health IT \u2013 Security Activities in the Product Lifecycle<\/li><li>NIST SP 800-218 \u2013 Secure Software Development Framework (SSDF)<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b4c132 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6b4c132\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c23046b\" data-id=\"c23046b\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d23392f elementor-widget elementor-widget-spacer\" data-id=\"d23392f\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d45f2d elementor-widget elementor-widget-spacer\" data-id=\"7d45f2d\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Security Notification Absolute No.1 Inspection Company End-of-Support(EOS) Notification for OpenSSL Software Components Effective Date:\u2003Nov 25, 2025Product:\u2003Geniant CranialComponent:\u2003OpenSSL 1.1.1u \/ 3.1.0 1.\u2002Overview Koh Young Technology is issuing this Cybersecurity Software Component End-of-Support (EoS) Notification to inform all customers and partners that specific versions of the OpenSSL library\u2014used within the Geniant Cranial product for secure communication\u2014have officially [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17674,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[277],"tags":[247],"class_list":["post-19304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-notification","tag-247"],"_links":{"self":[{"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/posts\/19304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/comments?post=19304"}],"version-history":[{"count":14,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/posts\/19304\/revisions"}],"predecessor-version":[{"id":19326,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/posts\/19304\/revisions\/19326"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/media\/17674"}],"wp:attachment":[{"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/media?parent=19304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/categories?post=19304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kohyoung.com\/en\/wp-json\/wp\/v2\/tags?post=19304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}