- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: SHA1 encryption under OpenSSL
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2016 07:25 AM
10-21-2016 07:25 AM
SHA1 encryption under OpenSSL
Hi , I understand that SHA1 encryption used with OpenSSL . is due to expire shortly, and wondering if this will impact upon any of the applications running on our OpenVMS system. Although I can see some OpenSSL executables on our system below, it doesnt look as if the product is fully installed ,(inc any openssl startup files or any applications accessing these files ), so assuming its safe to assume that we're not using OpenSSL for encryption and that we wont have to consider migrating to SHA2. encryption ?
Directory SYS$SYSDEVICE:[SYS0.SYSCOMMON.SSL]
OPENSSL-VMS.CNF;1
17 18-MAR-2010 21:49:58.35 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL-VMS.CNF_TEMPLATE;1
17 18-MAR-2010 21:49:58.35 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL.CNF;1 20 18-MAR-2010 21:49:58.37 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL.CNF_TEMPLATE;1
20 18-MAR-2010 21:49:58.37 [SYSTEM (RWED,RWED,RE,RE)
Total of 4 files, 74 blocks.
Directory SYS$SYSDEVICE:[SYS0.SYSCOMMON.SSL.DOC]
OPENSSL.TXT;1 92 8-MAR-2007 09:26:14.24 [SYSTEM (RWED,RWED,RE,RE)
Total of 1 file, 92 blocks.
Directory SYS$SYSDEVICE:[SYS0.SYSCOMMON.SSL.IA64_EXE]
OPENSSL.EXE;1 9340 18-MAR-2010 20:22:44.34 [SYSTEM (RWED,RWED,RE,RE)
Total of 1 file, 9340 blocks.
Directory SYS$SYSDEVICE:[SYS0.SYSCOMMON.SSL.INCLUDE]
OPENSSLCONF.H;1 15 18-MAR-2010 18:28:12.53 [SYSTEM (RWED,RWED,RE,RE)
OPENSSLV.H;1 8 18-MAR-2010 17:04:29.51 [SYSTEM (RWED,RWED,RE,RE)
Total of 2 files, 23 blocks.
Directory SYS$SYSDEVICE:[VMS$COMMON.SSL]
OPENSSL-VMS.CNF;1
17 18-MAR-2010 21:49:58.35 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL-VMS.CNF_TEMPLATE;1
17 18-MAR-2010 21:49:58.35 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL.CNF;1 20 18-MAR-2010 21:49:58.37 [SYSTEM (RWED,RWED,RE,RE)
OPENSSL.CNF_TEMPLATE;1
20 18-MAR-2010 21:49:58.37 [SYSTEM (RWED,RWED,RE,RE)
Total of 4 files, 74 blocks.
Directory SYS$SYSDEVICE:[VMS$COMMON.SSL.DOC]
OPENSSL.TXT;1 92 8-MAR-2007 09:26:14.24 [SYSTEM (RWED,RWED,RE,RE)
Total of 1 file, 92 blocks.
Directory SYS$SYSDEVICE:[VMS$COMMON.SSL.IA64_EXE]
OPENSSL.EXE;1 9340 18-MAR-2010 20:22:44.34 [SYSTEM (RWED,RWED,RE,RE)
Total of 1 file, 9340 blocks.
Directory SYS$SYSDEVICE:[VMS$COMMON.SSL.INCLUDE]
OPENSSLCONF.H;1 15 18-MAR-2010 18:28:12.53 [SYSTEM (RWED,RWED,RE,RE)
OPENSSLV.H;1 8 18-MAR-2010 17:04:29.51 [SYSTEM (RWED,RWED,RE,RE)
Total of 2 files, 23 blocks.
Grand total of 8 directories, 16 files, 19058 blocks.
- Tags:
- OpenSSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2016 02:13 PM
10-22-2016 02:13 PM
Re: SHA1 encryption under OpenSSL
FYI: Technically SHA1 and SHA2 are a hash or digest, not the cipher itself.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2016 01:55 AM
10-25-2016 01:55 AM
Re: SHA1 encryption under OpenSSL
FYI: Technically SHA1 and SHA2 are a hash or digest, not the cipher itself.
Okay but just wondering how we can establish, in advance, whether we will be impacted by loss of SHA1 encryption under OpenSSL . i understand that HP Openview operations agent for OpenVMS (OVA) and HP System management (SMH) - (both of which we use) , are reliant on SSL but not sure how to ascertain whether the loss of SHA1 encryption under OpenSSl will have any impact on this s/ware and/or any certificates currently installed ? We currently have the following versions of SSL installed on our live Alpha/Integrity Servers running OpenVMS, and so wondering whether any potential issues would be addressed by upgrading to (latest ?) version HP SSL1 V 1.0 (mentioned in the following article.) although note that HP SSL1 V1.0 is only compatible with OpenVMS 8.4.
http://h41379.www4.hpe.com/openvms/products/ssl/ssl.html
p.s We curently have the following versions of SSL / VMS installed
OpenVMS SSL
------------------------------------------------------------------------
AXPVMS OPENVMS V8.3 V 1.3-281
I64VMS 8.3-1H1 V 1.3-284
I64VMS OPENVMS V8.4 V 1.4-334
I64VMS OPENVMS V8.4 V1.4-334
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2016 06:57 AM
10-25-2016 06:57 AM
Re: SHA1 encryption under OpenSSL
> [...] it doesnt look as if the product is fully installed ,(inc any
> openssl startup files or any applications accessing these files ), [...]
Where did you look? To see what's installed:
product show product *ssl*
Around here, I see start-up files: SYS$STARTUP:*ssl*.com
> [...] wondering if this will impact upon any of the applications
> running on our OpenVMS system. [...]
Some of us have little idea which applications are running on your
OpenVMS system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-26-2016 01:08 AM
10-26-2016 01:08 AM
Re: SHA1 encryption under OpenSSL
Thanks for the feedback,
OpenVMS SSL
------------------------------------------------------------------------
AXPVMS OPENVMS V8.3 V 1.3-281
I64VMS 8.3-1H1 V 1.3-284
I64VMS OPENVMS V8.4 V 1.4-334
I64VMS OPENVMS V8.4 V1.4-334
Where did you look? To see what's installed:
product show product *ssl*
Around here, I see start-up files: SYS$STARTUP:*ssl*.com
> If you look at the previous update I posted to this call, you'll see that we do have SSL installed on all of our Integrity/Alpha VMS boxes. below.. My original comments referred to OpenSSL not SSL (as I making the incorrect assumption that OpenSSL and SSL aren't interlinked).
HP I64VMS SSL V1.4-334
HP AXPVMS SSL V1.3-281
HP I64VMS SSL V1.3-284
> [...] wondering if this will impact upon any of the applications
> running on our OpenVMS system. [...]
Some of us have little idea which applications are running on your
OpenVMS system.
> The only "application" I can see on our systems which appears to reference SSL is HP OpenView Operations Agent for OpenVMS (OVA) and so wondering whether this is likely to be affected by the potential issue surrouding SHA1 encryption expiring ? I note that HPE SSL1 1.02h is the latest product available for systems running OpenVMS 8.4 so wondering whether this would address any potential issues and/or whether we need to consider migrating to SSH2 encryption ? We also have some Alpha Systems running OpenVMS 8.3 (which also run OpenView Operations Agent for OpenVMS - OVA), so given that we cant upgrade to HP SS1 (without upgrading to OpenVMS 8.4) , wondering if we're likely to suffer any associated issues when SSH1 encryption expires ?