• Question for Everyone Regarding ITUGLIB

    From Randall@21:1/5 to All on Fri Dec 24 11:01:59 2021
    Hi Everyone,

    I noticed that most of the OpenSSL downloads are still from the 1.0.2 series or older - there was recently even a 1.0.1 download. Is anyone having difficulty with the more recent versions of builds done by ITUGLIB? Are the builds on too recent RVUs? Is there something we can do better?

    Thanks,
    Randall

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From red floyd@21:1/5 to Randall on Fri Dec 24 12:10:50 2021
    On 12/24/2021 11:01 AM, Randall wrote:
    > Hi Everyone,
    >
    > I noticed that most of the OpenSSL downloads are still from the 1.0.2 series or older - there was recently even a 1.0.1 download. Is anyone having difficulty with the more recent versions of builds done by ITUGLIB? Are the builds on too recent RVUs? Is there something we can do better?


    Hi Randall, I haven't downloaded in a while, but I'm wondering if it's
    the API change in 1.1.x? Nothing to do with your awesome efforts
    at all?

  • From Randall@21:1/5 to red floyd on Sat Dec 25 17:54:59 2021
    On Friday, December 24, 2021 at 3:10:52 p.m. UTC-5, red floyd wrote:
    > On 12/24/2021 11:01 AM, Randall wrote:
    >> Hi Everyone,
    >>
    >> I noticed that most of the OpenSSL downloads are still from the 1.0.2 series or older - there was recently even a 1.0.1 download. Is anyone having difficulty with the more recent versions of builds done by ITUGLIB? Are the builds on too recent RVUs? Is there something we can do better?
    >
    > Hi Randall, I haven't downloaded in a while, but I'm wondering if it's
    > the API change in 1.1.x? Nothing to do with your awesome efforts
    > at all?

    The API had a fairly minimal set of changes at 1.1.x compared to 1.0.2. Most programs should not see a significant change, AFAIK - if any at all. There are some method signature changes but if you use the recommended #define macros, you should be insulated. The 3.0 change dealt with new cyphers and changes to DLL handling of engines (moved to "providers"). We rebuilt curl using 1.0.2 and 1.1.1 with no changes that we could see. 3.0.x has a small initialization change, I think. Remember that 1.0.2 does not receive any fixes, so you could be vulnerable to CVE fixes that have been applied to 1.1.1 and 3.0.1. The biggest difference is that 1.1.x has new cyphers that 1.0.2 does not know, so if you are talking to a more up-to-date server (or client), you *can* vs. might not be able to. The most important change at 3.0 is that the OpenSSL code on NonStop is identical to standard code; and that PRNGD is no longer used on L-series (replaced by the x86 hardware randomizer, so FIPS certification is now possible). There have been certificate format changes but those were done after 1.0.2 was deprecated. Check the release notes at openssl.org.

  • From Randall@21:1/5 to Randall on Thu Dec 30 15:57:08 2021
    On Saturday, December 25, 2021 at 8:55:00 p.m. UTC-5, Randall wrote:
    > On Friday, December 24, 2021 at 3:10:52 p.m. UTC-5, red floyd wrote:
    >> On 12/24/2021 11:01 AM, Randall wrote:
    >>> Hi Everyone,
    >>>
    >>> I noticed that most of the OpenSSL downloads are still from the 1.0.2 series or older - there was recently even a 1.0.1 download. Is anyone having difficulty with the more recent versions of builds done by ITUGLIB? Are the builds on too recent RVUs? Is there something we can do better?
    >>
    >> Hi Randall, I haven't downloaded in a while, but I'm wondering if it's
    >> the API change in 1.1.x? Nothing to do with your awesome efforts
    >> at all?
    >
    > The API had a fairly minimal set of changes at 1.1.x compared to 1.0.2. Most programs should not see a significant change, AFAIK - if any at all. There are some method signature changes but if you use the recommended #define macros, you should be insulated. The 3.0 change dealt with new cyphers and changes to DLL handling of engines (moved to "providers"). We rebuilt curl using 1.0.2 and 1.1.1 with no changes that we could see. 3.0.x has a small initialization change, I think. Remember that 1.0.2 does not receive any fixes, so you could be vulnerable to CVE fixes that have been applied to 1.1.1 and 3.0.1. The biggest difference is that 1.1.x has new cyphers that 1.0.2 does not know, so if you are talking to a more up-to-date server (or client), you *can* vs. might not be able to. The most important change at 3.0 is that the OpenSSL code on NonStop is identical to standard code; and that PRNGD is no longer used on L-series (replaced by the x86 hardware randomizer, so FIPS certification is now possible). There have been certificate format changes but those were done after 1.0.2 was deprecated. Check the release notes at openssl.org.

    In case anyone is wondering about compatibility of OpenSSL 1.1.1 and NonStop SSL, the SPR that comes with L21.06 is 1.1.1k. Although slightly older than the ITUGLIB build, NonStop SSL has the new protocols, cyphers, and certificates that are also in the ITUGLIB OpenSSL build. 1.0.2 is starting to show some cracks in terms of compatibility, so please think about upgrading. Staying on unsupported versions is not a good plan.

    Although some of the CVEs applicable to 1.0.2 have fixes, they are only available on a fee basis - it costs real (not cheap!) money to get the fixes from the OpenSSL team beyond 1.0.2u - and if you want help with that, please reach out to me and we can work something out. The more people who do, the less expensive it will be.

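
An added example, not part of any post in this thread and not ITUGLIB code: a small audit that sorts `openssl version` banners by the support status the thread describes (1.0.2u and older receive no fixes, releases past 1.0.2u are fee-based, 1.1.1 and 3.0.x receive fixes). The program names, sample banners and status labels are assumptions made for the illustration.

```python
import re

# Matches the version token of an `openssl version` banner; the build date that
# a real banner also carries is ignored.
BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")
LAST_PUBLIC_102 = "u"  # per the thread, fixes beyond 1.0.2u are fee-based


def letter_rank(letter):
    """Order patch letters as '', a..z, za, zb, ...: shorter suffixes sort first."""
    return (len(letter), letter)


def classify(banner):
    """Map a banner to the support status described in the thread."""
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError(f"not an OpenSSL banner: {banner!r}")
    series = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    if series == (1, 1, 1) or series[:2] == (3, 0):
        return "receiving-fixes"   # 1.1.1 and 3.0.x, as stated in the thread
    if series == (1, 0, 2) and letter_rank(letter) > letter_rank(LAST_PUBLIC_102):
        return "fee-based-fixes"   # paid releases past 1.0.2u
    if series <= (1, 0, 2):
        return "unsupported"       # 1.0.2u and older: no further fixes
    return "not-covered"           # series the thread does not discuss


def audit(inventory):
    """Group program names by status; unparseable banners land in 'unknown'."""
    report = {}
    for program, banner in inventory.items():
        try:
            status = classify(banner)
        except ValueError:
            status = "unknown"
        report.setdefault(status, []).append(program)
    return {status: sorted(names) for status, names in report.items()}


# Constructed inventory: program names and banners are hypothetical samples.
SAMPLE = {
    "curl": "OpenSSL 1.1.1k", "gateway": "OpenSSL 3.0.1",
    "legacy-ftp": "OpenSSL 1.0.2u", "old-batch": "OpenSSL 1.0.1",
    "vendor-tool": "OpenSSL 1.0.2zd", "mystery": "LibreSSL 2.8.3",
}

if __name__ == "__main__":
    for status, names in sorted(audit(SAMPLE).items()):
        print(f"{status:16} {', '.join(names)}")
```
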