cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X

Translate the entire conversation x

Update Windchill Apache because of OpenSSL

Go to solution
jw_CS
13-Aquamarine
13-Aquamarine
‎Feb 02, 2026 04:09 AM
‎Feb 02, 2026 04:09 AM

Update Windchill Apache because of OpenSSL

Version: Windchill 12.1

 

Use Case: Tips regarding OpenSSL Update


Description:

Hi

I have set Windchill version on 12.1, even if my question is probably valid for a whole range of other Windchill versions.
Last week there is released a new version of OpenSSL(3.6.1) because of 12 vulnerabilities. Since Windchill is delivered with Apache and thus OpenSSL. What is best way for updating.

If PTC is releasing a fix? If not what is best way to update Apache?

 

 

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
mmeadows-3
16-Pearl
16-Pearl
(To:jw_CS)
‎Feb 02, 2026 07:00 AM
‎Feb 02, 2026 07:00 AM

There is no documented or supported method to manually update Windchill's Apache or OpenSSL.

https://www.ptc.com/en/support/article/CS381201

 

This article shows the OpenSSL and Apache versions per Windchill release.

https://www.ptc.com/en/support/article/CS331220

If you don't see the version you want, log a call with PTC and ask them when it will be supported.  Also ask them if the bug list you referenced has any bearing on OpenSSL 3.0.X versions.  It may be that 3.6.1 is fixing bugs introduced in versions greater than the 3.0.x stream.

 

According to PTC, the only way to get security fixes for Apache and OpenSSL is by patching Windchill.  So, if you do see the version you want, update Windchill to the latest maintenance patch.

https://www.ptc.com/en/support/article/CS422246

 

View solution in original post

Notify Moderator
3 REPLIES 3
mmeadows-3
16-Pearl
16-Pearl
(To:jw_CS)
‎Feb 02, 2026 07:00 AM
‎Feb 02, 2026 07:00 AM

There is no documented or supported method to manually update Windchill's Apache or OpenSSL.

https://www.ptc.com/en/support/article/CS381201

 

This article shows the OpenSSL and Apache versions per Windchill release.

https://www.ptc.com/en/support/article/CS331220

If you don't see the version you want, log a call with PTC and ask them when it will be supported.  Also ask them if the bug list you referenced has any bearing on OpenSSL 3.0.X versions.  It may be that 3.6.1 is fixing bugs introduced in versions greater than the 3.0.x stream.

 

According to PTC, the only way to get security fixes for Apache and OpenSSL is by patching Windchill.  So, if you do see the version you want, update Windchill to the latest maintenance patch.

https://www.ptc.com/en/support/article/CS422246

 

Notify Moderator
avillanueva
23-Emerald I
23-Emerald I
(To:mmeadows-3)
‎Feb 02, 2026 10:10 AM
‎Feb 02, 2026 10:10 AM

@mmeadows-3 is right. I would also note that OpenSSL 3.0 is a LTS release which is why it appears to remain the one they deploy. This is similar to PTC releases. It is possible for you to deploy your own webserver to whatever version you want and not use the PTC supplied one. Curious is the CVEs fixed in 3.6.1 are back ported to 3.0.x.

0 Kudos
Notify Moderator
jw_CS
13-Aquamarine
13-Aquamarine
(To:avillanueva)
‎Feb 02, 2026 10:27 AM
‎Feb 02, 2026 10:27 AM

They Did already

jw_CS_0-1770034861442.png

There is a new release of every version of the series (https://openssl-library.org/source/)

But why 3.0.x and not 3.5.x?

0 Kudos
Notify Moderator
Announcements
Contact Community Management
Top Tags