[Info-vax] OpenSSL CSWS-2.2-1
Neil Rieck
n.rieck at sympatico.ca
Thu Mar 14 12:36:33 EDT 2019
Everyone reading this already knows that HP (now HPE) used to provide free updates for CSWS (a.k.a. Apache for OpenVMS) modules including SSL, Java, PHP, etc. All of those web pages have been redirected to the common OpenVMS landing page so I guess we can assume that those days are over.
However, life goes on and I just learned that all major browsers are going to disable TLS-1.0 and TLS-1.1 sometime in 2020. Here are a few links which shine more light on the announcement.
https://www.zdnet.com/article/chrome-edge-ie-firefox-and-safari-to-disable-tls-1-0-and-tls-1-1-in-2020/
https://www.cso.com.au/article/648261/tls-1-0-1-1-will-disabled-edge-ie-chrome-firefox-safari-2020/
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
Now 2020 seems a long way off but web developers at my employer's company are already seeing TLS-1.0 and TLS-1.1 warnings in the AJAX transport associated with "Developer Tools" in Chrome v73 so I suggest that anyone with an OpenVMS support contract at HPE contact them for support (previously they just send out a new version of file "mod_ssl.exe"). I just filed a support request with them this morning.
Neil Rieck
Waterloo, Ontario, Canada.
http://neilrieck.net
More information about the Info-vax
mailing list