[Info-vax] VMS Integrity, SSL1 and SSL V1.4 coexistence

Rich Jordan jordan at ccs4vms.com
Mon Jul 15 20:05:47 EDT 2019 

We are upgrading our local VMS IA64 test system from V8.3 to V8.4 in test/prep for upgrading a customer.  I have test apps ready for their current use of STunnel, GSoap, and FreeTDS (the rest is bog standard VMS stuff).  The V8.4 upgrade completed, and the 'remaster' IA64 also installed PCSI V2, Update V5, and a Fibre-Scsi kit.

Per the Update V14 kit release notes the only pre-requisites for it are PCSI V4 and HPBINARYCHECKER-V0102, but UPDATE 14 won't install, complaining about the lack of SSL1 installed, unless you use the /OPTION=NOVALIDATE, which is not ideal.   

The earlier UPDATE ECO release notes do not reference SSL1 at all and Update 3 only mentions SSL V1.4 due to the binary incompatibility/need to recompile issues versus V1.3

The PCSI V4 (and earlier) kit release notes also have no mention of SSL or SSL1.

The LDAP 3 kit does require SSL1 as a prerequisite, as does LDAP 4 but those are not part of the UPDATE ECOs, and presumably would normally be installed afterwards.  I see lots of 'adds support for SSL1' in the other ECO release notes, but no prerequisites.

The customer VMS systems is not using LDAP at all but even skipping LDAP ECO 4 may not be an option since it a category 1 patch.

So is this just a documentation mess, and SSL1 really is a requirement?  And presumably one that should be installed earlier in the upgrade cycle, prior to the major post upgrade UPDATE ECO?

Interestingly/sadly, the HPe Layered Product Release History spreadsheet has no entries for SSL1 in it. And all the links to online support documents are broken/dead.  The links in the 'VMS uber-doc' that HPE now provides only goes up to SSL1 V1.0-2G, but I have a kit that claims to be V1.0-2L and -2O


We're not 100% sure our apps are even going to be affected but if they are we need SSL V1.4 in place, and the release notes roughly cover that situation.  I know about the security issues with non-current SSL; these are internal use apps on an inside secure network, some of which may not be able to be rebuilt at this time.  But that is why we're testing.

Thanks for any enlightenment.  Figures my first chance to work with VMS again in a while is turning into an HP induced snarleow.

More information about the Info-vax mailing list