[Info-vax] VMS Integrity, SSL1 and SSL V1.4 coexistence
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Jul 15 22:52:04 EDT 2019
On 2019-07-16 00:05:47 +0000, Rich Jordan said:
> So is this just a documentation mess, and SSL1 really is a requirement?
You've answered that yourself, but you can get the official answer
directly from HPE. A call which will be answered by folks working at
VSI given that's where HPE front-line support is reportedly provided
now, BTW.
I'm among the instigators of this, as I'd requested that the older and
the newer SSL kits be able to coexist. This so that we didn't have to
go through another upgrade-everything-at-once, akin to the SSL V1.3 to
SSL V1.4 adventure.
Here? Install both the most recent SSL kit and the most recent SSL1
kit available to you, and whichever kit you want to be the default
should be started second. I'd start up SSL1 second and use that,
unless you have a good reason not to.
There's little overlap here and apps can request the specific kit of
interest using either SSL$mumble or SSL1$mumble, though there's one
logical name—OPENSSL—that collides.
The folks at VSI have only just started to drain the swamp here.
OpenVMS V8.4-2L1 and V8.4-2L2 contain "the VSI way" of implementing
TLS; the first few whacks toward better addressing this morass.
The most recent SSL1 kits are based on OpenSSL 1.0.2r, when last I
checked. OpenSSL 1.0.2s is current.
SSL111 is available with TLSv1.3 support, and is based on OpenSSL
1.1.1b. OpenSSL 1.1.1c is current.
HPE tended to trail on OpenSSL-related kits and availability.
HPE ceases new-patches support in less than 18 months.
Related previous discussions:
https://groups.google.com/d/msg/comp.os.vms/x_VmkaAYEHw/uzw2u6FEBgAJ
https://groups.google.com/d/msg/comp.os.vms/cdxwsxa9wwE/VAgtGo33BgAJ
OpenSSL configuration generator and server-side TLS settings:
https://ssl-config.mozilla.org
https://wiki.mozilla.org/Security/Server_Side_TLS
Apropos of little else here, OpenSSH and not SSL:
https://infosec.mozilla.org/guidelines/openssh
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list