HPE Community
Operating System - OpenVMS
1827819 Members
1888 Online
109969 Solutions
New Discussion

Is a new version of OpenSSL for OpenVMS coming soon?

 
SOLVED
Go to solution
Neil Rieck
Advisor

‎06-17-2009 12:08 PM

‎06-17-2009 12:08 PM

Is a new version of OpenSSL for OpenVMS coming soon?

The current version of OpenSSL from HP is somewhat dated:

OpenSSL 0.9.7e 25 Oct 2004
SSL for OpenVMS V1.3 May 26 2006.

Information at www.OpenSSL.org indicates they are testing "OpenSSL 1.0.0 Beta 2". Does HP have any plans to port this to OpenVMS once it moves out of beta?
0 Kudos
13 REPLIES 13
Steven Schweda
Honored Contributor

‎06-17-2009 01:22 PM

‎06-17-2009 01:22 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> The current version of OpenSSL from HP is
> somewhat dated:

The current version of lots of open-source
software for VMS from HP is at _least_
somewhat dated.

No guarantees, but around here:

ALP $ openssl version
OpenSSL 0.9.8k 25 Mar 2009

http://antinode.info/ftp/openssl/0_9_8k/

I've gotten no user feedback on it, but it
seems to do what I wanted done.

Recent communication on the OpenSSL Project
Development Mailing List suggests that
there's some hope of getting some working VMS
builders incorporated into 1.0.0 beta X
(X > 2). I'm not holding my breath, but It's
at least possible that some future official
kit won't be quite as useless on VMS as the
recent ones have been. (The current mess is
Alpha-only, and has some other undesirable
characteristics.)

Back in January '09, I did get a sign of
interest from a fellow at HP, but I don't
know if he still exists, or if anything came
of it. So I know nothing about any plans at
HP.

For those who don't follow this stuff
closely, I gather that the plan is not to
release 0.9.9, so 1.0.0 should be the next
big thing (unless someone finds a big enough
problem in 0.9.8k to justify a 0.9.8l).
0 Kudos
Ian Miller.
Honored Contributor

‎06-17-2009 11:47 PM

‎06-17-2009 11:47 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Apart from the date, is the some issue with 0.9.7e which is solved in a later version?
____________________
Purely Personal Opinion
0 Kudos
Richard Whalen
Honored Contributor

‎06-18-2009 02:18 AM

‎06-18-2009 02:18 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

9.8k offers some new encryption mechanisms and numerous bug fixes and corrections to security problems. See http://www.openssl.org/news/ for details.
0 Kudos
Rick Retterer
Respected Contributor

‎06-18-2009 11:41 AM

‎06-18-2009 11:41 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Neil,
Just a FYI, there is a up-coming release of OpenSSL on OpenVMS that is due out sometime in the next month or two.

A specific release date has not yet been announced.

The version that will be released for OpenVMS is will be OpenSSL v0.9.8h.

As you stated it will have some new features and several security issues addressed.


Rick Retterer
- Rick Retterer



0 Kudos
Steven Schweda
Honored Contributor

‎06-18-2009 12:23 PM

‎06-18-2009 12:23 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> The version that will be released for
> OpenVMS is will be OpenSSL v0.9.8h.

Which will bring us up to date with what,
28-May-2008?

> As you stated it will have some new
> features and several security issues
> addressed.

Which, I suspect, could be said of i, j, and
k, too.
0 Kudos
Rick Retterer
Respected Contributor

‎06-18-2009 12:29 PM

‎06-18-2009 12:29 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Steven,

I'm just the messenger here, or Parrot if thats how you look at it.

I didn't make the decision on which version to draw the line in the sand to, or the stake to drive into the ground.

Neil asked the question, I told him what I knew.

Rick.
- Rick Retterer



0 Kudos
Srividhya Subramanian
New Member

‎06-18-2009 09:38 PM

‎06-18-2009 09:38 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Hi,

Next version of openSSL on OpenVMS is based on OpenSSL V0.9.8h. Scheduled to be relesed in Sep/Oct'09 time frame.
Following CVE numbers are being fixed in the this version.
CVE-2006-2937
CVE-2006-2940
CVE-2006-3738
CVE-2006-4343
0 Kudos
Jansen_8
Regular Advisor

‎06-19-2009 01:59 AM

‎06-19-2009 01:59 AM

Solution

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Note that all the distribution from www.openssl.org contain OpenVMS support. I was able to compile all the recent (stableβ) on my Alpha VMS8.3 systems

see also http://nchrem.tnw.tudelft.nl/openvms/software2.html#OSSL

Jouk
0 Kudos
Richard J Maher
Trusted Contributor

‎06-19-2009 03:16 AM

‎06-19-2009 03:16 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Hi Srividhya,

Can you please explain why an application-based encryption and authentication protocol like OpenSSL is deemed necessary for VMS, yet an IP-level encryption and authentication protocol like IPsec (that is already written and transparently supports any application protocol on top of it) is not?

No httpS, no Sftp/ftpS/SCP, no SSH, no *each and every application* having to code and support the SSL extension?

Regards Richard Maher
0 Kudos
Steven Schweda
Honored Contributor

‎06-19-2009 07:51 AM

‎06-19-2009 07:51 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> I'm just the messenger here, [...]

Did I accuse anyone of anything?

> Note that all the distribution from
> www.openssl.org contain OpenVMS support.

They claim to.

> I
> was able to compile all the recent
> (stableβ) on my Alpha VMS8.3 systems

Was that before or after the patches? Did
you make the shared images? Did you run the
tests?

I'm glad that you're happy. Now, try it on a
VAX or IA64 system. Then try it on a VAX or
IA64 system in the same source tree as you
used for the Alpha, and see what gets
damaged.

I didn't say that the official kits were
useless, but I certainly had some problems with them.
0 Kudos
Richard Whalen
Honored Contributor

‎06-19-2009 10:55 AM

‎06-19-2009 10:55 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

The code may not compile on VAX because SEED.C will cause the optimizer to get stuck in a loop. There may also be some challenges due to some code needing 64 bit arithmetic.

The biggest challenge of trying to generate files for all three architectures from a single directory is that there is a .H file that gets generated assumes that it will only be used on the architecture that it is generated on. I have tried to create a unified one that allows for a single file to be used on VAX/AXP/ia64, but more recently went to the approach of renaming the generated .H files to be architecture specific names and creating an upper level .H file with the generic name that will determine the appropriate specific file.
0 Kudos
Steven Schweda
Honored Contributor

‎06-19-2009 07:46 PM

‎06-19-2009 07:46 PM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

> The code may not compile on VAX [...]

Yup. Found those. My changes are described
in:

http://antinode.info/ftp/openssl/0_9_8k/notes_0_9_8k.txt

[...]
Added "seed" to "COMPILEWITH_CC5" module list.
[...]
Added new "!VMSV" code to several 64-bit items
which are not available on VAX.
[...]
Moved VMS architecture-specific code for
"opensslconf.h" into "opensslconf.in.h", and
moved the generated "opensslconf.h" into an
architecture-specific directory (in case other
configuration data differ).
[...]

As usual, there is seldom only one way to
solve a problem. But, so far as I can tell,
no one working on the main OpenSSL code had
been making any of the fundamental changes
needed, so I made some and reported what I
did. I still don't know if any of my changes
will be adopted, but, as I said, my stuff
seems to do what I wanted done, and it's
available if anyone is interested.
0 Kudos
Neil Rieck
Advisor

‎06-29-2009 06:07 AM

‎06-29-2009 06:07 AM

Re: Is a new version of OpenSSL for OpenVMS coming soon?

Yes, new update coming.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.