OpenSSL: Still working, but falling behind
June 24, 2015
This month the OpenSSL project released a new version of the software, updated to protect sites from attacks like Heartbleed. The release coincides with some interest from the 3000 community about porting this 1.0.2 version to MPE/iX. These cryptographic protocols provide security for communications over networks.
Heartbleed never had an impact on the 3000, in part because it was OpenSSL was so rarely used. Developer Gavin Scott said that last year's Heartbleed hack "does point out the risks of using a system like MPE/iX, whose software is mostly frozen in time and not receiving security fixes, as a front-line Internet (or even internal) server. Much better to front-end your 3000 information with a more current tier of web servers. That's actually what most people do anyway I think."
But native 3000 support of such a common networking tool remains on some wish lists. 3000s can use SSL to encrypt segments of network connections at the Application Layer, to ensure secure end-to-end transit at the Transport Layer. It's an open source standard tool, but deploying it on an HP 3000 can be less than transparent.
Consider the following question from Adrian Hudson in the UK.
Does anyone know anything about putting OpenSSL on a HP 3000? I've seen various websites referring to people who have succesfully ported the software, but with the HP 3000s being used less and less, I'm finding lots of broken links and missing pages. My ultimate intention is to try and get Secure FTP (SFTP) running from Posix on the HP 3000.
HP placed the OpenSSL pieces in its WebWise MPE/iX software, and that software is part of the 7.5 Fundamental Operating System. Cathlene McRae, while still working at HP in 3000 support, confirmed that "WebWise is the product you are looking for. This has OpenSSL." She's shared a PowerPoint document of 85 slides written in 2002, one of the last years that WebWise (and its OpenSSL) was updated for the HP 3000. (You can download these slides as a PDF file.)
"I'd be happy to talk with whomever has interest," he said. I'd like to do the "port" again with notes, so others can reproduce, and place it on my website."
I'm looking on my HP 918 (MPE/iX 6.0 PowerPatch 2)
Openssl 9.6a
OpenSSL> version
OpenSSL 0.9.6a 5 Apr 2001
OpenSSL>
I believe AFTP did build and run. That would be from OpenSSH. As I recall, the process is1. install zlib
2. install openssl
3. install openssh
/OPENSSH/V00371P2/openssh-3.7.1p2#sftp
usage: sftp [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]
[-B buffer_size] [-F ssh_config] [-P sftp_server path]
[-R num_requests] [-S program]
[user@]host[:file [file]]
/OPENSSH/V00371P2/openssh-3.7.1p2#sftp hpux-1
Connecting to hpux-1...
Couldn't connect to PRNGD socket "/tmp/egd-pool": Can't assign requested address
Entropy collection failed
ssh-rand-helper child produced insufficient data
Connection closedAs I recall, I need to stream a job for this EGDPOOL. I hope to get back to this and other porting things. But work gets in the way.