Re: confused about RSAref

Fri, 3 Dec 1999 01:32:34 -0800 

On Wed, 1 Dec 1999, Alex Howansky wrote:
> Hi all,
> 
> I've searched the docs and mailing list archives and can't find a definitive
> answer to my question. I hope someone can shed some light on the subject.
> 
> I'm very confused about RSAref. The modssl docs say that RSAref is mandatory
> here in the US. The openssl docs say only that "it is possible" to use RSAref.  
> Clearly though, both openssl and modssl can work fine without it. The modssl
> docs even say that using RSAref will result in some loss of functionality. So,
> my question is, do I really need it? Is the "mandatory" issue a legal one or a
> technical one? What are the implications of running a commercial server in the
> US with a modssl module that isn't linked with RSAref?
It is a Legal issue, not using the RSAref means you're violating the RSA
patent, and is liable to get sued for patent infringement.
Running a commercial server, that can cost you a lot when you get to pay
damages, especially since everything's spelled out clearly enough that
you can't use "The I'm Too Stupid To Read" defense.

> Another possibly related question -- so far, I've built modssl without RSAref.
> I've generated a self-signed server certificate according to the modssl docs.
> When I connect, I'm only getting 40 bit encryption. How do I get 128? Is the
> encryption strength dependant on the certificate or the modssl settings in
> httpd.conf? Or maybe to my lack of RSAref?
> 
> Please respond via email -- I'm not a subscriber. Thanks.
> 
> 

-- 
Henrik Olsen,  Dawn Solutions I/S       URL=http://www.iaeste.dk/~henrik/
  Leonardo DiCaprio: Your social class is stuffy. Let's dance with the
  ship's rats and have fun.   Kate Winslet: You have captured my heart. 
    Let's run around the ship and giggle.             (The ship SINKS.)
  Leonardo DiCaprio: Never let go.   Kate Winslet: I promise. (lets go)
                                      Titanic, the Movie-A-Minute version


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to