xCAT does not package the OpenSSL RPM, nor does it statically link to the OpenSSL libraries.
Please get the latest OpenSSL fix from your OS distributor. No code changes to xCAT are needed.
However, you can use the site table attributes xcatsslciphers and xcatsslversion to tune what is and is not acceptable.
For a detailed explanation of the format, please read the SSL_version and SSL_cipher_list sections in http://search.cpan.org/~sullr/IO-Socket-SSL-2.002/lib/IO/Socket/SSL.pod
An SSL connection is used for communication between xcatd and the xCAT client. In xCAT 2.10 and higher, TLSv1 is set as the default version for the SSL connection between xcatd and the xCAT client. For lower versions, you can set the SSL version manually.
The highest SSL version supported by rhels6.x and sles11.x is TLSv1, so the only SSL version you can set is 'TLSv1'.
chtab key=xcatsslversion site.value=TLSv1
The highest SSL version supported by rhels7.x, sles12.x and Ubuntu14.x is TLSv1.2, so you can set one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2' (the highest version, TLSv1.2, is recommended).
[For rhels7.x and sles12.x]
chtab key=xcatsslversion site.value=TLSv12
[For Ubuntu 14.x]
chtab key=xcatsslversion site.value=TLSv1_2
[For AIX 7.1.3.x]
chtab key=xcatsslversion site.value=TLSv1_2
If you want to disable some insecure ciphers, you can apply the following setting (this only works with xcatsslversion higher than TLSv1)
Run the following command to check whether TLSv1 is supported by xcatd:
openssl s_client -connect 127.0.0.1:3001 -tls1
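As an added example (not part of the xCAT documentation), the script below extends the check above to each protocol version this page mentions, so you can confirm that an xcatsslversion change took effect. The function names and the two sample output lines are constructed for illustration; the target is passed as host:port, for example 127.0.0.1:3001.

```shell
#!/bin/sh
# Added example: report which TLS versions a listener accepts.

# Map a protocol label used on this page to the openssl s_client option.
proto_flag() {
    case "$1" in
        TLSv1)   printf '%s\n' -tls1 ;;
        TLSv1.1) printf '%s\n' -tls1_1 ;;
        TLSv1.2) printf '%s\n' -tls1_2 ;;
        *)       return 1 ;;
    esac
}

# Classify s_client output. s_client prints "Cipher is (NONE)" when no
# cipher was negotiated; output with no cipher line at all (connection
# refused, option not built into the local openssl) also counts as rejected.
handshake_result() {
    if printf '%s\n' "$1" | grep -q 'Cipher is (NONE)'; then
        echo rejected
    elif printf '%s\n' "$1" | grep -q 'Cipher is [A-Za-z0-9_-]'; then
        echo accepted
    else
        echo rejected
    fi
}

# Probe one protocol version against host:port.
probe() {
    flag=$(proto_flag "$2") || { echo "unknown protocol: $2" >&2; return 2; }
    # s_client exits non-zero on a failed handshake; keep going regardless.
    out=$(openssl s_client -connect "$1" "$flag" </dev/null 2>&1) || true
    handshake_result "$out"
}

# Print one line per protocol version.
report() {
    for p in TLSv1 TLSv1.1 TLSv1.2; do
        printf '%-8s %s\n' "$p" "$(probe "$1" "$p")"
    done
}

# Constructed sample lines in the form s_client prints (not captured output).
SAMPLE_OK='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# Run the report only when a host:port argument is given.
if [ -n "${1:-}" ]; then report "$1"; fi
```

A "rejected" result for a version you expected to work can also mean the local openssl build lacks that protocol, so run the probe from a host whose openssl supports all three options.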