Slightly OT to your question but if you have any flexibility in the matter I would *highly* recommend using the IBM-supported GSK library rather than OpenSSL. The two are by no means plug-compatible with each other but do provide roughly comparable functionality.
OpenSSL is awesome functionality and an incredible body of work but the documentation is so poor-to-nonexistent as to make it a collection of traps for the unwary. And security software is not like other programming where you can say "okay, it works" and that's good enough, at least for now. Things that in other software would simply be bugs that you could fix when someone ran into them are instead security exposures waiting to be exploited, sometimes with disastrous consequences.* I am not simply some pro-IBM or anti-open-source bigot speaking here. I have in fact implemented similar functionality with both products (client and server using OpenSSL on Windows; client using GSK on z/OS). You certainly don't have to believe me but before heading down the OpenSSL path, at least read https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf. *For a great exposition on this topic, read the first section, "Programmers do not get security" in https://tersesystems.com/2014/01/13/fixing-the-most-dangerous-code-in-the-world/ Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Anthony Fletcher Sent: Saturday, June 20, 2015 8:59 PM To: [email protected] Subject: OpenSSL for z/OS Does anyone know where an up to date verson of OpenSSL that will run on z/OS can be found. The version shipped in IBM Ported Tools is not current. I understand that at least version 1.0.1n is needed to address the POODLE and other exposures. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
