On Wed, Aug 09, 2000 at 01:10:52PM -0500, Benji Spencer wrote:
> we are looking at moving from out Netscape Enterprise SSL web server and
> going to Apache+SSL (Apache-ssl, Ben's SSL) anyhow..we want to do this
> legally, and we know that RSA has some copyright issues....I thought this
> would be a problem..but it might not be.
It's not copyright (unless you do use rsaref - and then they
do have some copyright code on you) but rather patent (on the RSA
algorithm). The patent expires in another month and a half (September
20 if memory serves me right).
> I looked at our current NES server was using, and RSA isn't on the list
> (RC[24] and DES with MD5 and SHA message authentication is basically all
> that is listed).
> now...when I was on the phone with the RSA Tech, he said that in order to
> Use OpenSSL with Apache+SSL, I would have to no include the rsaref, and rip
> the RSA Crypto out of OpenSSL. Do I need to go that far? What if I just
> specified the "-no-rsa" when I compile OpenSSL? Is there any RSA code in
> the compiled version at that point?
I wouldn't think so, but there are more knowledgible people on this
point on this list...
> Our main concerns are
> 1) we don't want to loose functionality. If RSA was being used before, we
> still want it (was it being used before though?)
> 2) we want it implement the SSL legally.
Can you wait another month and a half? The rules are gonna change.
Then you can use RSA legally.
> If anyone has any insight into this, I would appreciate it. I looked in the
> archives, and didn't see anything directly relating to this (then again, I
> might have missed something also)
> thanks.
> benji
> ---
> Benji Spencer
> Web Programmer
> Moody Bible Institute
> 312-329-2288
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]