[Info-vax] OpenSSL CSWS-2.2-1

[Dave Froble]

On 4/6/2019 8:17 PM, Robert A. Brooks wrote:
> On 4/6/2019 6:54 PM, terry-groups at glaver.org wrote:
>> On Saturday, April 6, 2019 at 1:24:05 PM UTC-4, Stephen Hoffman wrote:
>>> The current OpenVMS CSWS version is based on Apache HTTP Server V2.4-38.
>>
>> Is it really that up-to-date? I'd be amazed. A Google search for "OpenVMS
>> CSWS" leads me to
>> https://support.hpe.com/hpsc/doc/public/display?docId=a00058394en_us
>> which
>> says it is based on Apache 2.0.65, and took apparently nearly a year
>> and a
>> half (based on June 2013 release date from the Apache Foundation and an
>> October 2014 date on the HP release notes).
>
> We (VSI) have a much more current version of Apache, although I'd be
> hard-pressed to tell you what that is.  I suspect the version that Steve
> referred to is ours.

That was my impression.

>> The three things I think HP got wrong (and Compaq and DEC before them)
>> are:
>
>> 1) Thinking that "port once and done" is a workable solution, and when
>> they
>> find out it isn't, making another "port once and done" effort. This is
>> something that needs to continuously track the upstream branch.
>
> We are not going the DEC/CPQ/HP way.  We've got a group of people
> who are dedicated to open source work.  The current big effort is with
> Samba.
> I'm pretty sure that OpenSSL V1.1.1 is also underway.

I'm in the process of installing and learning a bit about Mark Daniel's 
WASD web server.  Included, and optional, is the (I believe) OpenSSL 
V1.1.1.  At least it is claimed to do TLS V1.3.

Now, I have no idea if it is a complete port of OpenSSL, or, just enough 
for WASD.  Might be worth checking out, and if Mark can provide VMS 
users with a good port of OpenSSL, why not take advantage of that?



-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486