[Info-vax] OpenSSL CSWS-2.2-1
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Apr 6 13:24:01 EDT 2019
On 2019-04-06 12:32:57 +0000, Neil Rieck said:
> Strictly as an emergency backup plan, I've been working on trial to
> replace CSWS-2.2-1 with WASD-11.
The current OpenVMS CSWS version is based on Apache HTTP Server V2.4-38.
Apache HTTP Server 2.4-39 is current.
List of security issues identified in the 2.4 series, including in 2.4-38:
https://httpd.apache.org/security/vulnerabilities_24.html
Building a new version of Apache on OpenVMS is somewhat of a project,
though it's possible.
Updating OpenSSL TLS would usually be a smaller project within an
existing Apache port, so long as the software versions involved aren't
too skewed.
Per Apache, "Apache HTTP Server version 2.4.39 or newer is required in
order to operate a TLS 1.3 web server with OpenSSL 1.1.1."
Also per Apache, "Please note the 2.2.x branch has now passed the end
of life at the Apache HTTP Server project and no further activity will
occur including security patches."
"Y2K20"? Obfuscare, err, obfuscate much? Why not MMXX? 🤪
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list