If you have written a TCP/IP based application on your NonStop system and want to add SSL support, you can use both SecurCS, SecurLib and SecurLib/SSL-AT to accomplish that task. Which product will suit your needs better, will depend on a number of factors.
Before using SecurLib/SSL you have to meet some requirements:
- You need to have the full source code of your application (not required for SecurLib/SSL-AT).
- The application can be written in TAL, C, C++ or COBOL.
- SecurLib is delivered as a static library to be bound together with your application with a header file.
- SecurLib supports native compilers only (does not apply to SecurLib/SSL-AT).
In general, implementing SecurLib will be more work than using SecurCS, however you end up with a more integrated solution. The following table lists some of the technical differences when using either of the product:
| SecurCS | SecurLib | SecurLib/SSL-AT | |
|---|---|---|---|
| Remote IP address and port | Application will see 127.0.0.1 for all incoming connections. Remote Port will be hidden. | Application will see true remote IP address and port. | Application will see the remote IP address and port |
| Process hops | Messages will run through IP stack twice. | Messages will run through IP stack once | Messages will run through IP stack only once (for native code; for non-native code it will still run through twice) |
| Effort to convert application | Minimal: only some configuration changes. | Medium: some source code changes, integration of SecurLib library, recompile. | Zero: no changes to application or configuration required |