Steve McIntosh wrote:
>
> I want to use OpenSSL only for fetching pages off https sites using GET
> or POST. Nothing more, nothing less. Should I be able to compile OpenSSL
> without all of the RSA extras (RC2, RC4, RC5 idea and so on) and still
> be able to do this? Or, do I need the items from RSA to connect to these
> sites and fetch pages?
>
Unfortunately not many commercial web servers support non RSA cipher
suites. Those based on SSLeay and OpenSSL do but they would also need to
include a DSA server certificate chain for this to work (Thawte support
this) and dual certificates if they wanted to use the RSA ciphers as
well.
So while in theory you could have a patent free SSL implementation using
say DES, 3DES, DSA and DH you would have problems talking to most web
servers because they only support RSA.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
