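$!-----------------------------------------------------------------'f$verify(0)
$! SSL_FINISH.COM
$!
$! Copyright (C) 1996-2021 Mark G.Daniel.
$!
$! Licensed under the Apache License, Version 2.0 (the "License");
$! you may not use this file except in compliance with the License.
$! You may obtain a copy of the License at
$!
$!    http://www.apache.org/licenses/LICENSE-2.0
$!
$! Unless required by applicable law or agreed to in writing, software
$! distributed under the License is distributed on an "AS IS" BASIS,
$! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
$! See the License for the specific language governing permissions and
$! limitations under the License.
$!
$! Link the OpenSSL applications delivered as part of the WASD SSL package.
$!
$! Parameters:
$!    P1   "BUILD" or "LINK" runs the MAKEAPPS.COM link step, and only when
$!         the global symbol BUILD_HTTPD_WASD_SSL is defined.  Any other value
$!         skips straight to the DH parameter notice.
$!
$! Symbols read:  BUILD_HTTPD_WASD_SSL, BUILD_HTTPD_SSL_ROOT
$! Logical read:  INSTALL$DBUG (any translation turns procedure verify on)
$! On exit the BUILD_HTTPD_* global symbols listed at the end are deleted.
$!
$! 20-SEP-2018  MGD  WASD OpenSSL v1.1.n package MAKEAPPS.COM
$! 07-DEC-2002  MGD  initial (completely reworked for v8.1)
$!-----------------------------------------------------------------------------
$!
$! The 'f$verify(0) substitution on the first line switches verify off before
$! anything is echoed; it is only switched back on for debugging.
$ if f$trnlnm("INSTALL$DBUG") .nes. "" then set verify
$!
$! Condition values used as exit status.  ss$_bugcheck is not referenced
$! anywhere in this procedure.
$ ss$_abort = 44
$ ss$_bugcheck = 676
$ say = "write sys$command"
$ on controly then exit ss$_abort
$!
$ if p1 .eqs. "BUILD" .or. p1 .eqs. "LINK"
$ then
$    if f$type(BUILD_HTTPD_WASD_SSL) .nes. ""
$    then
$       type sys$input

  ***************************************
  *  LINKING WASD OPENSSL APPLICATIONS  *
  ***************************************

$!      Remember where we were so the caller's default is left untouched.
$       currentDefault = f$environment("DEFAULT")
$!      NOTE(review): BUILD_HTTPD_SSL_ROOT is substituted without an f$type()
$!      check; presumably the calling install procedure always defines it
$!      together with BUILD_HTTPD_WASD_SSL - confirm.
$       set default 'BUILD_HTTPD_SSL_ROOT'
$!      MAKEAPPS.COM lives in [.WASD] or [.APPS] depending on package layout.
$       if f$search ("[.WASD]MAKEAPPS.COM") .nes. ""
$       then
$          set default [.WASD]
$          @MAKEAPPS
$       else
$          if f$search ("[.APPS]MAKEAPPS.COM") .nes. ""
$          then
$             set default [.APPS]
$             @MAKEAPPS
$          else
$             say "MAKEAPPS.COM not found"
$!            Restore the default before aborting; previously this path left
$!            the process sitting in the OpenSSL build tree.
$             set default 'currentDefault'
$             exit ss$_abort
$          endif
$       endif
$       say ""
$       set default 'currentDefault'
$    endif
$ endif
$!
$! Operator notice about Diffie-Hellman parameter files.  Lines in the text
$! that show commands are indented so DCL treats them as data, not commands.
$!
$! NOTE(review): the notice still lists 512 and 1024 bit DHPARAM commands.
$! 512-bit groups are export-grade and practical to break, and 1024-bit groups
$! are widely regarded as too small; 2048 bits is the commonly accepted
$! minimum.  Whether the server needs the smaller files to be present cannot
$! be seen from this procedure - confirm before changing the displayed text.
$! NOTE(review): parameter files copied from the package are shared by every
$! site that copies the same release; per-site generation, which the notice
$! itself calls ideal, avoids many servers depending on one group.
$!
$ type sys$input

  **************************
  *  DH_PARAM SAFE PRIMES  *
  **************************

Modern TLS protocols require elliptic curve cryptography, ephemeral keys and
Diffie-Hellman key exchange.
This is dependent on the availability of files containing "safe prime" numbers
in PEM format.

Ideally these are generated on a per-site basis.  This can take *considerable*
time depending on platform.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ OPENSSL DHPARAM -OUT DH_PARAM_512.PEM 512
  $ OPENSSL DHPARAM -OUT DH_PARAM_1024.PEM 1024
  $ OPENSSL DHPARAM -OUT DH_PARAM_2048.PEM 2048

Alternatively, when using the WASD OpenSSL package, the procedure

  $ @WASD_ROOT:[SRC.OPENSSL-1_n_n.WASD]CREATE_EPHEMERAL_DH_PARAM.COM

will generate the "safe prime" files as above, or as another alternative,
fresh "safe prime" files are generated with each release and can be copied
directly from the package.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ COPY [SRC.OPENSSL-1_0_n.WASD.CERT]DH_PARAM_*.PEM *
  $! or
  $ COPY [SRC.OPENSSL-1_1_n.WASD]DH_PARAM_*.PEM *
  $! depending on the WASD OpenSSL version

One of these three should be done after the install/update procedure concludes
and before starting the server.  Any can be repeated at any time and takes
effect at next server startup.

$ read sys$command response /prompt="Press RETURN to continue: "
$ say ""
$!
$! Remove the build-time global symbols so they do not linger in the process
$! after the install; each is deleted only if it exists.
$ dgs = "delete/symbol/global"
$ if f$type(BUILD_HTTPD_OPEN_SSL) .nes. "" then dgs BUILD_HTTPD_OPEN_SSL
$ if f$type(BUILD_HTTPD_SSL) .nes. "" then dgs BUILD_HTTPD_SSL
$ if f$type(BUILD_HTTPD_SSL_ROOT) .nes. "" then dgs BUILD_HTTPD_SSL_ROOT
$ if f$type(BUILD_HTTPD_VMS_SSL) .nes. "" then dgs BUILD_HTTPD_VMS_SSL
$ if f$type(BUILD_HTTPD_WASD_SSL) .nes. "" then dgs BUILD_HTTPD_WASD_SSL
$!
$ exit
$!-----------------------------------------------------------------------------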