OT: SCO 5 6.0.0 - cURL Binaries / upgrade

Fairlight fairlite at fairlite.com
Fri Mar 11 07:18:38 PST 2022 

>From hazy memory, I want to say 1.0.5e was about the time they got
-full- TLS 1.2 support in place.

m->


On Fri, Mar 11, 2022 at 10:03:53AM -0500, ken white via Filepro-list thus spoke:
> I wonder what version of openssl is installed.   According to openssl.org
> all versions prior to 1.1.1 are out of date and no longer supported.
> Therefore if your software is dependent on openssl, I believe that versions
> prior to 1.1.1 would be no longer be considered as PCI compliant.  Version
> 0.9.8 installed as a supplement for SCO 6.0.0  was EOL 2016.  Even version
> 1.1.1 has a few high severity CVE's listed which require patching.
> Depending on the flavor of their PCI SAQ, the responsible party signing
> their annual PCI SAQ should be very concerned.   
>   
> -----Original Message-----
> From: Filepro-list
> <filepro-list-bounces+kenwhite=verizon.net at lists.celestial.com> On Behalf Of
> Fairlight via Filepro-list
> Sent: Thursday, March 10, 2022 2:00 PM
> To: filepro-list at lists.celestial.com
> Subject: Re: OT: SCO 5 6.0.0 - cURL Binaries / upgrade
> 
> They don't have to jump for joy.  Is it a business requirement, or is it
> someone's pet wishlist item?  If the former, it is what it is.  If the
> latter, it's optional and can be given a pass.
> 
> Places can either afford to play ball in their industries, or not.  It's not
> negotiable, any more than us needing internet service, and not wantiing to
> pay for it, for instance.  It's not optional if you want the specified
> result.  If it's what's required of the business, it's required.  That's how
> 'required' works.  Happiness doesn't enter into it.
> 
> God forbid someone need an ISO or SOX audit.  Those cost a mint, and I've
> never known anyone who was 'happy' to absorb the price.
> "Choiceless" is the best fitting adjective for situations like these.
> 
> Nobody should be on SCO these days, if they want to take advantage of any
> open source software. libopenssl/libssl2 versions features vs restrictions
> -alone- are a compelling case for getting off of SCO, nevermind the bigger
> picture.  It's not a sustainable platform in today's security landscape,
> -especially- the way Xinuous likes to do things.  You will almost always be
> at least half a year to two years behind the curve, and God help you if a
> zero day exploit is discovered, because -they're- certainly not going to
> jump right on that.
> 
> m->
> 
> 
> On Thu, Mar 10, 2022 at 12:07:20PM -0500, Jose Lerebours via Filepro-list
> thus spoke:
> > Thanks Mark!
> > 
> > Migrating to LINUX may be the next best thing - based on your reply, 
> > it is the ONLY best thing.  ;-)
> > 
> > Not exactly what I was hoping to hear - I am sure they are not going 
> > to jump of joy either!
> > 
> > Regards,
> > 
> > 
> > On 3/10/22 11:26 AM, Fairlight via Filepro-list wrote:
> > > The problem isn't curl itself.  The problem is that you need a 
> > > sufficiently high OpenSSL version on the system against which curl 
> > > can be compiled.
> > > 
> > > The only people who can truly help with this are Xinuous.  At one 
> > > point a few years back, they were recommending an upgrade to their 
> > > latest combo Unix platform, and had forward-looking plans to release 
> > > just such an OpenSSL version (which by the time they would have 
> > > gotten done would have been over six months behind reality).  They 
> > > were only going to offer it for their latest version of OpenServer.
> > > 
> > > It was a bad bet to wait on them.
> > > 
> > > If you're serious about eCommerce, get them off SCO.  It's a dying 
> > > platform for anything to do with security and interoperability.
> > > 
> > > OpenSSL is also notoriously bitchy to compile, especially on SCO.
> > > 
> > > Given a system with a usable devkit, I'd be willing to make the 
> > > attempt, but it would -cost-, and not just a little.  $25k minimum 
> > > for the attempt, succeed or fail; more on success.  That's how 
> > > bitchy it tends to be, historically, and how much it would need to 
> > > be made worth my time to even make the attempt in good faith, on a 
> > > dead platform.  Anyone doing it for less is a fool, especially when 
> > > you realise that it's going to support a credit card gateway system 
> > > which will be the cornerstone of someone's business for years to 
> > > come.  You get your money out of that up-front, because you'll never 
> > > see another cent out of it afterwards, if you do it correctly.  At 
> > > least not until the next mandatory TLS bump.  So how much do they 
> > > -actually- want to do their credit card processing on SCO? :)
> > > 
> > > They're better off being migrated to Linux.  Barring that, no, it 
> > > wouldn't (and shouldn't) be inexpensive.
> > > 
> > > m->
> > > 
> > > 
> > > On Thu, Mar 10, 2022 at 10:01:01AM -0500, Jose Lerebours via
> Filepro-list thus spoke:
> > > > Waaaaay off topic but I have to ask:
> > > > 
> > > > I have a customer that is running on SCO 5 v6.0.0 and credit card 
> > > > processing company will no longer accept TLS lesser than 1.2; it 
> > > > appears that with that, we need to upgrade cURL from its current 
> > > > version of 7.2.### to a more recent version.
> > > > 
> > > > Do any of you (a) have a copy of cURL that would care to share 
> > > > (purchasing is an option BTW), (b) know of a link where said 
> > > > binaries could be found.
> > > > 
> > > > Thank you all in advance for your assistance!
> > > > 
> > > > 
> > > > --
> > > > Jose Lerebours
> > > > 954-559-7186
> > > > https://www.asisuites.com
> > > > Accounting - Retail - Wholesale - Distribution Manufacturing - 
> > > > Warehousing - Transportation - eCommerce - Web Development
> > > > 
> > > > _______________________________________________
> > > > Filepro-list mailing list
> > > > Filepro-list at lists.celestial.com
> > > > Subscribe/Unsubscribe/Subscription Changes 
> > > > http://mailman.celestial.com/mailman/listinfo/filepro-list
> > > > 
> > --
> > Jose Lerebours
> > 954-559-7186
> > https://www.asisuites.com
> > Accounting - Retail - Wholesale - Distribution Manufacturing - 
> > Warehousing - Transportation - eCommerce - Web Development
> > 
> > _______________________________________________
> > Filepro-list mailing list
> > Filepro-list at lists.celestial.com
> > Subscribe/Unsubscribe/Subscription Changes 
> > http://mailman.celestial.com/mailman/listinfo/filepro-list
> > 
> 
> --
> Audi omnia, crede nihil.
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
> 
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
> 

-- 
Audi omnia, crede nihil.

More information about the Filepro-list mailing list