VSI-AXPVMS-SSL111-V0101-1GB-1-RELNOTES.PDF

This document provides the Installation Guide and Release Notes for VSI SSL111 Version 1.1-1G for OpenVMS Alpha servers, released in April 2020. The product is based on Open Source OpenSSL version 1.1.1g.

A primary theme is the coexistence of VSI SSL111 with older VSI SSL (based on OpenSSL 0.9.8) and VSI SSL1 (based on OpenSSL 1.0.2) products on the same system. However, a critical point is that VSI SSL111 APIs are not backward compatible with these older versions.

Key migration requirements for users:

• Application Recompilation: All applications linked against previous VSI SSL versions must be recompiled and relinked with the new VSI SSL111 header files and libraries.
• Certificate Store Migration: Existing certificate stores require manual migration. Certificate file names, previously based on MD5 hashes, must be updated to use SHA-1 hashes for SSL111 V1.1 compatibility; failure to do so will cause validation to fail.
• System Configuration Updates: Logical names (SSL111$ prefix), directory paths ([VMS$COMMON.SSL111]), and command procedures (SSL111$...) must be updated. The SSL111$STARTUP.COM procedure should be invoked last if coexisting, to ensure the common "OPENSSL" logical points to the latest version.

Installation prerequisites include OpenVMS Alpha 8.4-1H1 or later and approximately 200,000 disk blocks, with installation mandatory on the system disk. For clusters, the product must be shut down on all nodes before installation and restarted afterward.

Post-installation tasks involve updating startup/shutdown procedures, checking custom scripts, and optionally running the Installation Verification Procedure (IVP). The Certificate Tool is a single-user utility, and protecting private keys is crucial.

Limitations and notes include the absence of IDEA, RC5, and MDC2 ciphers (due to copyright) and RANDegd APIs (suggesting RANDpoll). OpenSSL documentation on the official website should be considered authoritative over the kit's included documentation.