[Info-vax] Once again trying to use the SSL ported to VMS
Jeffrey H. Coffield
jeffrey at digitalsynergyinc.com
Tue Nov 29 11:13:05 EST 2011
On 11/28/2011 07:08 PM, David Froble wrote:
> On Nov 28, 7:06 pm, "Jeffrey H. Coffield"
> <jeff... at digitalsynergyinc.com> wrote:
>> On 11/28/2011 12:00 PM, David Froble wrote:
>>
>>> I'm once more trying to use SSL with programs written in Basic.
>>
>> I had that working (sort of) at one point but an upgrade to TCPIP
>> services broke a lot of things.
>>
>> I now use Stunnel on both Linux and OpenVMS and Pound on Linux to take
>> an encrypted connection, decrypt it and forward to my Basic program.
>> Don't know if this would work for your situation.
>>
>> Jeff Coffieldwww.digitalsynergyinc.com
>
> It is good to know that it does, or did, work. I've had some doubts.
>
> Could you share with me some of the details of your usage ?
>
> As for STunnel, the application is something that allows many trading
> partners to connect, and they won't have the product. The requirement
> is to be able to accept a socket connection using SSL for encription.
>
> I just have a hard time believing that there is are no non-C users on
> VMS using SSL ....
For STUNNEL on OpenVMS:
I downloaded STUNNEL-4_20_I64.EXE from HP and installed it on an RX2620
Itanium running OpenVMS 8.4. I don't remember all the details but I was
pleased with how easy it was to set up. The main details I remember was
I created a file STUNNEL.PEM with the certificate and the private key
and added the following to STUNNEL_SERVER.CONF:
---------------------------------
cert=stunnel.pem
key = stunnel.pem
[https]
accept = 443
connect = 192.168.0 11:80
TIMEOUTclose = 0
--------------------------------
and added $ @SSL$ROOT:[stunnel]STUNNEL_STARTUP_SERVER.COM to the system
startup. It has worked without any problems since last May.
I also use both STUNNEL and POUND on linux boxes in a DMZ to forward
connections to OpenVMS clusters. The main difference between STUNNEL and
POUND is that POUND can make decisions about how to forward based on
parts of URL's where STUNNEL can only use the IP address & port. For
older Vax and Alpha systems this also put the CPU load of the
encryption/decryption on a separate cheaper box.
Jeff Coffield
www.digitalsynergyinc.com
More information about the Info-vax
mailing list