The HP SSL for OpenVMS kit requires approximately 45,000 blocks
of working disk space to install. Once installed, the software occupies
approximately 40,000 blocks of disk space.

Software Prerequisites
HP SSL for OpenVMS requires the following software.
Operating System
HP OpenVMS Alpha Version 7.3-2 or higher, or
HP OpenVMS Industry Standard 64 Version 8.2, or
HP OpenVMS VAX Version 7.3
TCP/IP Transport
HP TCP/IP Services for OpenVMS Version 5.5 or higher (for
HP SSL on OpenVMS I64 and OpenVMS Alpha Version 8.2), or
HP TCP/IP Services for OpenVMS Version 5.4 or higher (for
HP SSL on OpenVMS Alpha Version 7.3-2), or
HP TCP/IP Services for OpenVMS Version 5.3 or higher (for
HP SSL on OpenVMS VAX)
HP SSL for OpenVMS has been tested and verified
using HP TCP/IP Services for OpenVMS. On OpenVMS Alpha, there are
no known problems running HP SSL for OpenVMS with other TCP/IP network
products, including TCPware and MultiNet from Process Software Corporation.
However, HP has not formally tested and verified these other products.

Account Quotas and System Parameters
There are no specific requirements for account quotas and
system parameters for installing or using HP SSL for OpenVMS.

New Features in HP SSL Version 1.2 for OpenVMS
HP SSL Version 1.2 for OpenVMS, based on OpenSSL 0.9.7d with
security fixes in OpenSSL 0.9.7e, is included in OpenVMS Version
8.2.
New features in HP SSL Version 1.2 include:
A port of the OpenSSL 0.9.7d
baselevel, which includes fixes to security vulnerabilities reported
on September 30 and November 4, 2003, and March 17, 2004 at
http://www.openssl.org/news/ and additional security fixes included in OpenSSL
0.9.7e.

OCSP (Online Certificate Status Protocol)
The Online Certificate Status Protocol allows an application
to more quickly determine the status of a certificate than it can
by using Certificate Revocation Lists (CRLs). This is achieved
by allowing the server or client application to request certificate
status information from a Validation Authority (VA) in real time,
rather than relying on CRL information that is issued from a Certificate
Authority (CA) on a periodic basis (weekly or monthly). The VA
and CA can be the same entity, but are not required to be.

UNIQUE_SUBJECT variable in the OPENSSL-VMS.CNF configuration file
HP SSL Version 1.2 allows you to have two certificates
with the same subject name in the database. This makes it easier
to issue new certificates when the old certificates are about to
expire. This behavior is controlled by the UNIQUE_SUBJECT variable
found in the configuration file OPENSSL-VMS.CNF. See the Release
Notes section for more information.
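
As an added illustration (not HP's or OpenSSL's code), the Python below models the uniqueness rule described above over a constructed CA database index and shows why allowing duplicate subjects helps with renewals. The tab-separated index layout, the function names and the sample subjects are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample of a CA database index. Assumed layout per line:
# status, expiry, revocation date, serial, file name, subject (tab-separated).
SAMPLE_INDEX = (
    "V\t050301120000Z\t\t01\tunknown\t/C=US/O=Example/CN=www.example.com\n"
    "R\t050615120000Z\t040901093000Z\t02\tunknown\t/C=US/O=Example/CN=mail.example.com\n"
    "V\t060101120000Z\t\t03\tunknown\t/C=US/O=Example/CN=ftp.example.com\n"
)

def parse_index(text):
    """Return one dict per database line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, expiry, revoked, serial, _fname, subject = line.split("\t")
        expires = datetime.strptime(expiry, "%y%m%d%H%M%SZ")
        entries.append({
            "status": status,                      # V = valid, R = revoked
            "expires": expires.replace(tzinfo=timezone.utc),
            "revoked": revoked or None,
            "serial": serial,
            "subject": subject,
        })
    return entries

def can_issue(entries, subject, unique_subject=True):
    """Model of the rule: with unique_subject on, a subject that already has
    a valid ('V') entry cannot receive a second certificate."""
    if not unique_subject:
        return True, []
    clash = [e["serial"] for e in entries
             if e["status"] == "V" and e["subject"] == subject]
    return (not clash), clash

def expiring_within(entries, now, days):
    """Serials of valid entries whose expiry falls inside the renewal window."""
    return [e["serial"] for e in entries
            if e["status"] == "V" and 0 <= (e["expires"] - now).days < days]
```

With the uniqueness rule on, the certificate that `expiring_within` flags for renewal is the same one that blocks issuing its replacement; turning the rule off lets the old and new certificates overlap.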

AES (Advanced Encryption Standard), part of the 0.9.7 stream
The Advanced Encryption Standard (AES) is a new Federal
Information Processing Standard (FIPS) Publication that specifies
a cryptographic algorithm for use by U.S. Government organizations
to protect sensitive (unclassified) information. The AES is also
widely used on a voluntary basis by organizations, institutions,
and individuals outside of the U.S. Government and outside of the
United States.
Rijndael has been selected as the AES algorithm.
The AES was developed to replace DES, but Triple DES will
remain an approved algorithm (for U.S. Government use) for the foreseeable
future. Single DES is being phased out of use.
The AES will specify three key sizes: 128, 192 and 256 bits. In
decimal terms, this means that there are approximately:
3.4 x 10^38 possible 128-bit keys;
6.2 x 10^57 possible 192-bit keys; and
1.1 x 10^77 possible 256-bit keys.
In comparison, DES keys are 56 bits long, which means there
are approximately 7.2 x 10^16 possible DES keys. There are on the
order of 10^21 times more AES 128-bit keys than DES 56-bit keys.
In the late 1990s, specialized "DES Cracker" machines were
built that could recover a DES key after a few hours. In other words,
by trying possible key values, the hardware could determine which
key was used to encrypt a message. Assuming that one could build
a machine that could recover a DES key in a second, it would take
that machine approximately 149 trillion years to crack a 128-bit
AES key.

Elliptic Curve cryptography, part of the 0.9.7 stream
Elliptic curves are simple functions that can be drawn
as gently looping lines in the (x,y) plane. Elliptic curves can
provide versions of public-key methods that, in some cases, are
faster and use smaller keys, while providing an equivalent level
of security. Their advantage comes from using a different kind
of mathematical group for public-key arithmetic.
RSA, SPEKE, Diffie-Hellman, and many other public-key methods
can easily work with elliptic curves.