Hi Everyone,

I want to remind people that the OpenSSL 1.1.1 version thread goes off support on Sept 11, 2023, which is 204 days from now - just over 6 months, meaning no security fixes will be available after that time. Currently, only security fixes are made
available. After that, fixes will only be available via support contract (which I can facilitate, but it is not a trivial cost because of the OpenSSL extended support contract cost). ITUGLIB will stop building 1.1.1 releases when OpenSSL stops delivering
fixes on (or around) that date. OpenSSL 1.0.2 is currently in this state.

Migration to OpenSSL 3.x as soon as you can is recommended. There are a few reasons:

1. Functional and security fix support is currently available.
2. Upgrading to 3.x generally only requires recompile for your application.
3. OpenSSL versions 3.x, 1.1.1, and 1.0.2 can generally communicate with each other, as long as common cyphers are available at both ends - which they generally are. You do have to be careful to ensure that your certificates are usable on all versions.
4. The 3.x thread is identical to the standard OpenSSL code base without change for NonStop. You can easily build OpenSSL yourself from git or with the standard OpenSSL tarballs. 1.1.1 requires that someone (usually me) apply patches manually to the
ITUGLIB repository.
5. An added bonus for git users on L-series (as well as OpenSSL users), you do not need to run PRNDG, because the NonStop build supports the x86 hardware random number generator.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sunday, February 19, 2023 at 6:37:59 p.m. UTC-5, Randall wrote:

Hi Everyone,

I want to remind people that the OpenSSL 1.1.1 version thread goes off support on Sept 11, 2023, which is 204 days from now - just over 6 months, meaning no security fixes will be available after that time. Currently, only security fixes are made

available. After that, fixes will only be available via support contract (which I can facilitate, but it is not a trivial cost because of the OpenSSL extended support contract cost). ITUGLIB will stop building 1.1.1 releases when OpenSSL stops delivering
fixes on (or around) that date. OpenSSL 1.0.2 is currently in this state.

Migration to OpenSSL 3.x as soon as you can is recommended. There are a few reasons:

1. Functional and security fix support is currently available.
2. Upgrading to 3.x generally only requires recompile for your application. 3. OpenSSL versions 3.x, 1.1.1, and 1.0.2 can generally communicate with each other, as long as common cyphers are available at both ends - which they generally are. You do have to be careful to ensure that your certificates are usable on all versions.
4. The 3.x thread is identical to the standard OpenSSL code base without change for NonStop. You can easily build OpenSSL yourself from git or with the standard OpenSSL tarballs. 1.1.1 requires that someone (usually me) apply patches manually to the

ITUGLIB repository.

5. An added bonus for git users on L-series (as well as OpenSSL users), you do not need to run PRNDG, because the NonStop build supports the x86 hardware random number generator.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Edit: Should be PRNGD

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Monday, February 20, 2023 at 12:30:31 p.m. UTC-5, Randall wrote:

On Sunday, February 19, 2023 at 6:37:59 p.m. UTC-5, Randall wrote:

Hi Everyone,

I want to remind people that the OpenSSL 1.1.1 version thread goes off support on Sept 11, 2023, which is 204 days from now - just over 6 months, meaning no security fixes will be available after that time. Currently, only security fixes are made

available. After that, fixes will only be available via support contract (which I can facilitate, but it is not a trivial cost because of the OpenSSL extended support contract cost). ITUGLIB will stop building 1.1.1 releases when OpenSSL stops delivering
fixes on (or around) that date. OpenSSL 1.0.2 is currently in this state.

Migration to OpenSSL 3.x as soon as you can is recommended. There are a few reasons:

1. Functional and security fix support is currently available.
2. Upgrading to 3.x generally only requires recompile for your application.
3. OpenSSL versions 3.x, 1.1.1, and 1.0.2 can generally communicate with each other, as long as common cyphers are available at both ends - which they generally are. You do have to be careful to ensure that your certificates are usable on all

versions.

4. The 3.x thread is identical to the standard OpenSSL code base without change for NonStop. You can easily build OpenSSL yourself from git or with the standard OpenSSL tarballs. 1.1.1 requires that someone (usually me) apply patches manually to the

ITUGLIB repository.

5. An added bonus for git users on L-series (as well as OpenSSL users), you do not need to run PRNDG, because the NonStop build supports the x86 hardware random number generator.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Edit: Should be PRNGD

OpenSSL 3.1 is in the pipeline now. This release seems to be primarily a result of FIPS-140-3 standards instead of the FIPS-140-2 used in 3.0. A bit of a surprise is that OpenSSL 3.1 planned support (LTS) runs until March 2025 while 3.0 runs until
September 2026. ITUGLIB will be building and deploying both. The OpenSSL 3.1 notice should come out in the next day or two.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, March 23, 2023 at 10:28:49 a.m. UTC-4, Randall wrote:

On Monday, February 20, 2023 at 12:30:31 p.m. UTC-5, Randall wrote:

On Sunday, February 19, 2023 at 6:37:59 p.m. UTC-5, Randall wrote:

Hi Everyone,

I want to remind people that the OpenSSL 1.1.1 version thread goes off support on Sept 11, 2023, which is 204 days from now - just over 6 months, meaning no security fixes will be available after that time. Currently, only security fixes are made

available. After that, fixes will only be available via support contract (which I can facilitate, but it is not a trivial cost because of the OpenSSL extended support contract cost). ITUGLIB will stop building 1.1.1 releases when OpenSSL stops delivering
fixes on (or around) that date. OpenSSL 1.0.2 is currently in this state.

Migration to OpenSSL 3.x as soon as you can is recommended. There are a few reasons:

1. Functional and security fix support is currently available.
2. Upgrading to 3.x generally only requires recompile for your application.
3. OpenSSL versions 3.x, 1.1.1, and 1.0.2 can generally communicate with each other, as long as common cyphers are available at both ends - which they generally are. You do have to be careful to ensure that your certificates are usable on all

versions.

4. The 3.x thread is identical to the standard OpenSSL code base without change for NonStop. You can easily build OpenSSL yourself from git or with the standard OpenSSL tarballs. 1.1.1 requires that someone (usually me) apply patches manually to

the ITUGLIB repository.

5. An added bonus for git users on L-series (as well as OpenSSL users), you do not need to run PRNDG, because the NonStop build supports the x86 hardware random number generator.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Edit: Should be PRNGD

OpenSSL 3.1 is in the pipeline now. This release seems to be primarily a result of FIPS-140-3 standards instead of the FIPS-140-2 used in 3.0. A bit of a surprise is that OpenSSL 3.1 planned support (LTS) runs until March 2025 while 3.0 runs until

September 2026. ITUGLIB will be building and deploying both. The OpenSSL 3.1 notice should come out in the next day or two.

A good read on the 1.1.1 End of Life is available at https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)