- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: SSL 1.4 breaks running environments
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-16-2010 12:06 AM
тАО06-16-2010 12:06 AM
SSL 1.4 breaks running environments
LDAP
ENCRYPT (and therefore BACKUP/ENCRYPT)
Stunnel
HP System Management Homepage (HP SMH) for OpenVMS
HP WBEM Services for OpenVMS Integrity servers
HP OpenView Operations Agent for OpenVMS
OpenView Performance Agent (OVPA) for OpenVMS
Secure Web Server
ABS
HP Enterprise Directory
iCAp/nPar (dependent on HP WBEM Services)
For the webserver that I use (WASD), there is no issue since it is supplied as object files and linked locally on installtion. But since the files in MOD_PHP are not supplied that way, they won't work.
Of course, I could install the previous version of SSL on the system and refer to that version for PHP and PHPSHR only, but I learned from an earlier version of PHP that when a shared image was referred to by a logical, this is ignored by PHP: the file MUST reside on SYS$LIBRARY.
I could add a separate directory for SSL 1.3 and add the location to the searchlist of SYS$LIBARY just for PHP, but I consider this a bad idea....
Could be assured, PLEASE, that when a VMS system is upgraded to 8.4, that ALL exsiting applications would still work - without the requirement to relink the applications - since that may not always be possible!
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-16-2010 04:19 AM
тАО06-16-2010 04:19 AM
Re: SSL 1.4 breaks running environments
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
and updated versions of various components are appearing in patches.
If you want to use SSL V1.4 then plan it's deployment carefully.
As it appears that OpenVMS V8.4 includes SSL 1.4 then careful planning about upgrading will be needed.
HP SSL is based on OpenSSL.org and the API is not stable at least to version 1.0.0
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2010 01:35 AM
тАО06-17-2010 01:35 AM
Re: SSL 1.4 breaks running environments
just after releasing HP SSL V1.4, there now also appeared a security advice against HP SSL V1.3 - what a coincidence ;-(
HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Injection, Denial of Service(Dos)
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2010 02:11 AM
тАО06-17-2010 02:11 AM
Re: SSL 1.4 breaks running environments
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02227287
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2010 07:14 PM
тАО06-17-2010 07:14 PM
Re: SSL 1.4 breaks running environments
At the time of writing, new versions of ENCRYPT and ACMELDAP are available for download from ITRC.
Regards,
Jeremy Begg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2010 07:21 AM
тАО06-22-2010 07:21 AM
Re: SSL 1.4 breaks running environments
Installing the older version will probably not work, I'm not sure what will happen: either it will not install, or it will remove the newer version. OpenSSL is not upward compatible between any version that has different numbers ( 9.6.7 != 9.6.8).
It's a pain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2010 08:06 AM
тАО10-16-2010 08:06 AM
Re: SSL 1.4 breaks running environments
I use WBEM$SERVER (MGMT Agents 3.4) so that I can run the SNMP page without loading Apache (I have pretty strict audit requirements that say no web servers on database servers).
I had been able to throw MGMT Agents 3.4 on Alphas and Itaniums with no issue but now it looks like I'm being forced towards SMH, which pushes me towards apache and I can't go there.
Does anybody know if there's a way to run SMH without starting the Apache server?
I know that there's something newer for Itaniums but I still have a lot of Alpha clients too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-17-2010 03:41 AM
тАО10-17-2010 03:41 AM
Re: SSL 1.4 breaks running environments
You KNEW this beforehand! (Or at least SHOULD have known).
I was sitting in the chair next to you at the Dutch TUD when this was warned about in the "what is new in 8.4" session.
Neihther the audience nor Engineering was happy about it, but if you (have to) follow OpenSource, and OpenSource does not really care about upward compatibility, this is what you get.
But still it is REALLY unsatisfying, of course :-(
Proost.
Have one in me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-17-2010 06:47 AM
тАО10-17-2010 06:47 AM
Re: SSL 1.4 breaks running environments
If the changes here were strictly API-level changes and whether changed APIs, new APIs, or removed APIs, then the implementation of the upgrade could have easily been handled (differently), and the results would have permitted an incremental SSL upgrade. Which implies that there were more endemic changes involved here. Which makes me curious around the changes.
Lacking the details of the complexity of the API changes (and lacking equally key, though entirely API-tangental details, including available project scheduling and staffing), I'll leave it to VMS Engineering to have made the appropriate design and deployment calls here.
--
FWIW, the OpenSSL code-base hasn't hit their V1.0 release, so they've not locked down their programming interfaces. Without (or even with!) that compatibility statement from the project team, interface changes are a normal part of software development operations with layered products, and have arisen even within VMS itself.
Yes, API compatibility has occasionally gone sideways within VMS itself, such as what happened with the BACKUP API some years back.
These sorts of incompatible changes to tools and APIs are somewhat more typical in a Unix environment, which can be (somewhat counterintuitively) a strength. Maintaining compatibility is not without its costs. (And of all the folks around, the folks in VMS engineering most definitely appreciate the costs of this compatibility.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-17-2010 09:34 AM
тАО10-17-2010 09:34 AM
Re: SSL 1.4 breaks running environments
So be prepared for even more trouble.
OpenVMS Developer & System Manager