What possibilities are there to be able to ensure the application uses always the latest version of the OpenSSL libraries? The assumption being it is not possible (or a very large effort) to recompile and ship the application.
There is the com.rti.serv.secure.openssl_engine property which looks like it would be the one to use (see 12. Support for OpenSSL Engines — RTI Security Plugins User's Manual 7.0.0 documentation). If I compile an application to statically link to the OpenSSL version shipped with the DDS libraries, could this property be used to point to and load the newest OpenSSL library version?
I believe that the openssl_engine property is for customers to use custom cryto libraries that implement the openssl engine interface. Having said that, yes, I guess you can use that to point to any library that implements the interface, including openssl itself...but haven't tried it.
On the other hand...if you just build your application to use the OpenSSL libraries as dynamic libraries, then you can always change exactly which libraries your application uses when it starts. Of course, they'll have to be backwards compatible with whatever version of the OpenSSL libraries the Connext DDS Secure plugins were compatible with...