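$!-----------------------------------------------------------------'f$verify(0)
$! SSL_FINISH.COM
$!
$! Copyright (C) 1996-2021 Mark G.Daniel.
$!
$! Licensed under the Apache License, Version 2.0 (the "License");
$! you may not use this file except in compliance with the License.
$! You may obtain a copy of the License at
$!
$!    http://www.apache.org/licenses/LICENSE-2.0
$!
$! Unless required by applicable law or agreed to in writing, software
$! distributed under the License is distributed on an "AS IS" BASIS,
$! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
$! See the License for the specific language governing permissions and
$! limitations under the License.
$!
$! Link the OpenSSL applications delivered as part of the WASD SSL package.
$!
$! P1 selects the link step: it runs only when P1 is "BUILD" or "LINK" and
$! the global symbol BUILD_HTTPD_WASD_SSL is defined.  The DH parameter
$! guidance and the removal of the BUILD_HTTPD_* global symbols happen on
$! every invocation.
$!
$! 20-SEP-2018  MGD  WASD OpenSSL v1.1.n package MAKEAPPS.COM
$! 07-DEC-2002  MGD  initial (completely reworked for v8.1)
$!-----------------------------------------------------------------------------
$!
$! The first line turns verification off; defining the logical name
$! INSTALL$DBUG turns it back on for debugging.
$ if f$trnlnm("INSTALL$DBUG") .nes. "" then set verify
$!
$! Status values passed to EXIT.  ss$_bugcheck is not referenced in this
$! procedure; it is kept in case the nested MAKEAPPS procedure reads it.
$ ss$_abort = 44
$ ss$_bugcheck = 676
$ say = "write sys$command"
$ on controly then exit ss$_abort
$!
$ if p1 .eqs. "BUILD" .or. p1 .eqs. "LINK"
$ then
$    if f$type(BUILD_HTTPD_WASD_SSL) .nes. ""
$    then
$       type sys$input

  ***************************************
  *  LINKING WASD OPENSSL APPLICATIONS  *
  ***************************************

$!       Remember the caller's default so it can be restored afterwards.
$       currentDefault = f$environment("DEFAULT")
$       set default 'BUILD_HTTPD_SSL_ROOT'
$!       MAKEAPPS.COM is looked for in [.WASD] first, then in [.APPS].
$       if f$search ("[.WASD]MAKEAPPS.COM") .nes. ""
$       then
$          set default [.WASD]
$          @MAKEAPPS
$       else
$          if f$search ("[.APPS]MAKEAPPS.COM") .nes. ""
$          then
$             set default [.APPS]
$             @MAKEAPPS
$          else
$             say "MAKEAPPS.COM not found"
$!             Restore the caller's default before aborting; previously this
$!             path exited with the default left in the OpenSSL build tree.
$             set default 'currentDefault'
$             exit ss$_abort
$          endif
$       endif
$       say ""
$       set default 'currentDefault'
$    endif
$ endif
$!
$! The text below is only displayed to the operator; this procedure does not
$! generate or copy any parameter files itself.
$!
$! NOTE(review): the guidance still lists 512 and 1024 bit parameter files.
$! Finite-field DH groups of those sizes are below what is now considered
$! adequate (512 bit is export-grade), so a site should confirm whether the
$! server still needs those files and make sure that 2048 bits or more is
$! what actually gets negotiated.  Copying the files shipped in the package
$! means the primes are shared by every site using that release; per-site
$! generation, as the text itself recommends, avoids that.
$!
$ type sys$input

  **************************
  *  DH_PARAM SAFE PRIMES  *
  **************************

Modern TLS protocols require elliptic curve cryptography, ephemeral keys and
Diffie-Hellman key exchange.
This is dependent on the availability of files containing "safe prime" numbers
in PEM format. Ideally these are generated on a per-site basis. This can take
*considerable* time depending on platform.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ OPENSSL DHPARAM -OUT DH_PARAM_512.PEM 512
  $ OPENSSL DHPARAM -OUT DH_PARAM_1024.PEM 1024
  $ OPENSSL DHPARAM -OUT DH_PARAM_2048.PEM 2048

Alternatively, when using the WASD OpenSSL package, the procedure

  $ @WASD_ROOT:[SRC.OPENSSL-1_n_n.WASD]CREATE_EPHEMERAL_DH_PARAM.COM

will generate the "safe prime" files as above, or as another alternative,
fresh "safe prime" files are generated with each release and can be copied
directly from the package.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ COPY [SRC.OPENSSL-1_0_n.WASD.CERT]DH_PARAM_*.PEM *
  $! or
  $ COPY [SRC.OPENSSL-1_1_n.WASD]DH_PARAM_*.PEM *
  $! depending on the WASD OpenSSL version

One of these three should be done after the install/update procedure concludes
and before starting the server. Any can be repeated at any time and takes
effect at next server startup.

$ read sys$command response /prompt="Press RETURN to continue: "
$ say ""
$!
$! Remove the build-time global symbols, each only if it is defined.
$ dgs = "delete/symbol/global"
$ if f$type(BUILD_HTTPD_OPEN_SSL) .nes. "" then dgs BUILD_HTTPD_OPEN_SSL
$ if f$type(BUILD_HTTPD_SSL) .nes. "" then dgs BUILD_HTTPD_SSL
$ if f$type(BUILD_HTTPD_SSL_ROOT) .nes. "" then dgs BUILD_HTTPD_SSL_ROOT
$ if f$type(BUILD_HTTPD_VMS_SSL) .nes. "" then dgs BUILD_HTTPD_VMS_SSL
$ if f$type(BUILD_HTTPD_WASD_SSL) .nes. "" then dgs BUILD_HTTPD_WASD_SSL
$!
$ exit
$!-----------------------------------------------------------------------------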