HPE Community
Operating System - OpenVMS
1752598 Members
5453 Online
108788 Solutions
New Discussion юеВ

Re: Is a new version of OpenSSL for OpenVMS coming soon?

 
SOLVED
Go to solution
Neil Rieck
Advisor

тАО06-17-2009 12:08 PM

тАО06-17-2009 12:08 PM

Is a new version of OpenSSL for OpenVMS coming soon?

The current version of OpenSSL from HP is somewhat dated:

OpenSSL 0.9.7e 25 Oct 2004
SSL for OpenVMS V1.3 May 26 2006.

Information at www.OpenSSL.org indicates they are testing "OpenSSL 1.0.0 Beta 2". Does HP have any plans to port this to OpenVMS once it moves out of beta?
0 Kudos
13 REPLIES 13
Steven Schweda
Honored Contributor

тАО06-17-2009 01:22 PM

тАО06-17-2009 01:22 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> The current version of OpenSSL from HP is
> somewhat dated:

The current version of lots of open-source
software for VMS from HP is at _least_
somewhat dated.

No guarantees, but around here:

ALP $ openssl version
OpenSSL 0.9.8k 25 Mar 2009

http://antinode.info/ftp/openssl/0_9_8k/

I've gotten no user feedback on it, but it
seems to do what I wanted done.

Recent communication on the OpenSSL Project
Development Mailing List suggests that
there's some hope of getting some working VMS
builders incorporated into 1.0.0 beta X
(X > 2). I'm not holding my breath, but It's
at least possible that some future official
kit won't be quite as useless on VMS as the
recent ones have been. (The current mess is
Alpha-only, and has some other undesirable
characteristics.)

Back in January '09, I did get a sign of
interest from a fellow at HP, but I don't
know if he still exists, or if anything came
of it. So I know nothing about any plans at
HP.

For those who don't follow this stuff
closely, I gather that the plan is not to
release 0.9.9, so 1.0.0 should be the next
big thing (unless someone finds a big enough
problem in 0.9.8k to justify a 0.9.8l).
0 Kudos
Ian Miller.
Honored Contributor

тАО06-17-2009 11:47 PM

тАО06-17-2009 11:47 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Apart from the date, is the some issue with 0.9.7e which is solved in a later version?
____________________
Purely Personal Opinion
0 Kudos
Richard Whalen
Honored Contributor

тАО06-18-2009 02:18 AM

тАО06-18-2009 02:18 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

9.8k offers some new encryption mechanisms and numerous bug fixes and corrections to security problems. See http://www.openssl.org/news/ for details.
0 Kudos
Rick Retterer
Respected Contributor

тАО06-18-2009 11:41 AM

тАО06-18-2009 11:41 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Neil,
Just a FYI, there is a up-coming release of OpenSSL on OpenVMS that is due out sometime in the next month or two.

A specific release date has not yet been announced.

The version that will be released for OpenVMS is will be OpenSSL v0.9.8h.

As you stated it will have some new features and several security issues addressed.


Rick Retterer
- Rick Retterer



0 Kudos
Steven Schweda
Honored Contributor

тАО06-18-2009 12:23 PM

тАО06-18-2009 12:23 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> The version that will be released for
> OpenVMS is will be OpenSSL v0.9.8h.

Which will bring us up to date with what,
28-May-2008?

> As you stated it will have some new
> features and several security issues
> addressed.

Which, I suspect, could be said of i, j, and
k, too.
0 Kudos
Rick Retterer
Respected Contributor

тАО06-18-2009 12:29 PM

тАО06-18-2009 12:29 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Steven,

I'm just the messenger here, or Parrot if thats how you look at it.

I didn't make the decision on which version to draw the line in the sand to, or the stake to drive into the ground.

Neil asked the question, I told him what I knew.

Rick.
- Rick Retterer



0 Kudos
Srividhya Subramanian
New Member

тАО06-18-2009 09:38 PM

тАО06-18-2009 09:38 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Hi,

Next version of openSSL on OpenVMS is based on OpenSSL V0.9.8h. Scheduled to be relesed in Sep/Oct'09 time frame.
Following CVE numbers are being fixed in the this version.
CVE-2006-2937
CVE-2006-2940
CVE-2006-3738
CVE-2006-4343
0 Kudos
Jansen_8
Regular Advisor

тАО06-19-2009 01:59 AM

тАО06-19-2009 01:59 AM

Solution

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Note that all the distribution from www.openssl.org contain OpenVMS support. I was able to compile all the recent (stable╬▓) on my Alpha VMS8.3 systems

see also http://nchrem.tnw.tudelft.nl/openvms/software2.html#OSSL

Jouk
0 Kudos
Richard J Maher
Trusted Contributor

тАО06-19-2009 03:16 AM

тАО06-19-2009 03:16 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Hi Srividhya,

Can you please explain why an application-based encryption and authentication protocol like OpenSSL is deemed necessary for VMS, yet an IP-level encryption and authentication protocol like IPsec (that is already written and transparently supports any application protocol on top of it) is not?

No httpS, no Sftp/ftpS/SCP, no SSH, no *each and every application* having to code and support the SSL extension?

Regards Richard Maher
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.