[Info-vax] OpenSSL 3.0.1 and OpenSSH 8.8 (was: Re: SSL V3)

[Stephen Hoffman]

On 2022-02-16 16:58:13 +0000, Galen said:

> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> 
>> The OpenSSL v3.0-1 release notes make it very clear…
>> 
> [to me] that I have no reason to envy anyone the task of dealing with 
> this hash (that is, mess).

The upgrade from OpenSSL 0.9.x to OpenSSL 1—known as SSL V1.3 to SSL 
V1.4 on OpenVMS, back when the OpenVMS versions didn't parallel the 
upstream versions—required everything else linked with SSL to upgrade. 
Locally, there were a couple of other products affected, but some sites 
had a half-dozen or more apps or tools that needed upgrades parallel to 
the SSL V1.4 upgrade.

That this area is still a bit of a hash—though somewhat less so, as a 
rolling upgrade of apps and products is now usually possible—is also 
why there are somewhat more stable networking frameworks available on 
some other platforms. Some of those frameworks include easier handling 
of the rest of of app networking; of DNS or mDNS, IPv4 and IPv6 
transparency, and related error handling and recovery and 
authentication.

[Ponders whether the existing multi-version support within OpenVMS 
would permit a parallel installation of LibreSSL and its libtls API, as 
an alternative to OpenSSL and its API on OpenVMS.]




-- 
Pure Personal Opinion | HoffmanLabs LLC