[Info-vax] New OpenSSL update from HP

[Jan-Erik Soderholm]

Dirk Munk skrev den 2015-06-15 00:11:
> David Froble wrote:
>> Dirk Munk wrote:
>>> RobertsonEricW wrote:
>>>> This is precisely what the Open Source on OpenVMS group is attempting
>>>> to facilitate through its efforts to port to OpenVMS the basic GNU
>>>> tools necessary for building the most frequently used GNU tools and
>>>> to start creating the infrastructure to automatically build and test
>>>> the current builds of GNU Software. Effort has been admittedly
>>>> sluggish to materialize over the course of the last few years.
>>>> However, given that the time and effort generated thus far has been
>>>> almost entirely on a volunteer basis, this is not that surprising.
>>>> However, with VSI and other participants now beginning to take an
>>>> interest, the number of active volunteers is now on the increase.
>>>> This should help to quicken the pace of porting some of the critical
>>>> tools to OpenVMS which should in turn solidify the usefulness of the
>>>> GNV environment in producing further, maintainable ports of Open
>>>> Source tools and utilities. It is hoped that in the future, the
>>>> solidification of GNV will lessen the occurrence for some of
>>> these one-off ports  from multiple quarters (of which these different
>>> and  more recent ports of OpenSSL are but one example).
>>>>
>>>
>>> I get your point, and in general that is fine. However with SSL it is
>>> another matter. It's a vital part of TCP/IP security, and it should be
>>> maintained by HP, or now VSI. I would like to see top quality
>>> professional programmers working on this. It should be just like any
>>> other VMS software product from HP/VSI.
>>>
>>> I will even go further than that. We can ask ourselves if an OpenSSL
>>> port is the best way for a VMS SSL product. Other companies have
>>> developed their own SSL package, and I can imagine that a native VMS
>>> SSL package would be a better and more effective piece of software.
>>
>> They'd probably still write it in C.  What would be the gain?
>
> Even if it would be written in C, that doesn't mean anything. If you have
> poor programming skills in a certain language, you will write poor programs
> in that language. If you have good programming skills, you will more likely
> write good programs.
>
> I've been reading about the differences between WASD and CSWS (or Apache.
> WASD is doing certain things the VMS way, and CSWS does similar things the
> Unix way. WASD is far more efficient.....
>
> A similar effect could be seen with SSL as well. I'm speculating here, but
> doing certain low level things the VMS way instead of a Unix way could be
> far more efficient.
>

I'm not sure that one can use the WASD/CSWS differences as a proof that
a "native" SSL would be "better" then beeing a common source code.

One of the reasons CSWS performes less good on VMS is becuse of the
high use of forked subprocesses. *That* is inefficient on VMS.
Now, I do not think than SSL has much of that.



>>
>> Now, I'm guessing, and I'd hope to be wrong.  If VSI wrote a VMS SSL
>> product, would the design everyone uses be available?  What I'm asking
>> is, "is there a specification?".

A Specification for what? SSL/TSL? This page has a lot of RFC references:
https://en.wikipedia.org/wiki/Transport_Layer_Security

The latest TLS 1.2: https://tools.ietf.org/html/rfc5246


>> If not, then as usual, it's just some
>> C code you need to figure out.
>>
>> If there was a specification, then keeping a VMS based product up to
>> date should be doable.
>