Tim Willis wrote:
What does all this mean? Is it legal for me, in the US, to use
Apache+mod_ssl+OpenSSL for commercial purposes? Do I read it correctly that
it isn't legal for me at the moment, but will be after September 20th, 2000?
Could someone clarify this for me?
Yes, until
Jacob Cohen wrote:
In our shop, it just runs and I am there the time I have to restart it
every year
I still think it should be a binary file, executable by root only. Start
apache as root, and have it setuid to 'nobody' or whatever your httpd user
is after reading the pass phrase.
Actually, this is a documentation error of sorts. The section SHOULD read
like this:
---
It used to be that France and the USA had severe restrictions on the use
of and/or export of cryptography. Fortunately, France repealed its
draconian regulation on the use of heavy-strength cryptography,
Winged Wolf wrote:
I've been able to find no references to any patents on the RC4 algorithm,
but I did find reference to the patents on the IDEA algorithm (which I
don't think is used in SSL, but I may be mistaken). If anyone knows what
patents cover RC4, I'd appreciate knowing them.
Howdy,
Hi all, regarding the SSLPassPhraseDialog option, I don't think it's
practical for an admin to type in the pass phrase every time apache is
restarted (builtin mode). I'm temporarily using a script which just echo's
the passphrase (exec mode). I'm wondering how other people are
You could decrypt the key:
openssl rsa -in file1.key -out file2.key
or
bin/decrypt_key hostname
It's generally not a "secure" process to do because the key is now vulnerable
and not encrypted.
On 08-Jun-00 Lewandowski, Kevin S wrote:
Hi all, regarding the SSLPassPhraseDialog option, I don't
In past experience troubleshooting performance problems where clients
pointed to SSL, we've benchmarked about 12-15% overhead (for HHTPS). This
specific instance was on a Netscape Commerce Server running on Solaris
2.5.x. One thing, in particular, that I have noticed with SSL is the
performance
Do I read it correctly that
it isn't legal for me at the moment, but will be after September 20th, 2000?
Yes.
/r$
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
It is not clear if you can recompile mod_ssl once you
bought one of those products.
The patent law (and the licenses granted to those organizations, undoubtedly)
is
quite clear: you can't just "peel off" the license from one product and slap
it onto another, without the license-grantor's
I haven't heard of any RC4 patents either.
According to RSA:
RC4 is trade-secret intellectual property of RSA.
Someone "stole" it and posted it to the net.
We reserve the right to come after you.
In the real world:
The cat's out of the bag, RSA knows it, and it
In France, now, you can use 128 bits encryption...
Franck Chionna
Tim Willis wrote:
In perusing the documentation of Mod_SSL, I came across these two sections:
At least two countries with heavy cryptography restrictions are well known:
In the United States (USA) first it's
11 matches
Mail list logo
