Re: Commercial SSL in the US
Hiya, You could wait 'till Sept 20th this year when the RSA patents expire . . . . G. Gerard Monsen wrote: Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor? We were going to use an Apache web server with its OpenSSL interface, but the Apache documentation indicates that this is not allowed for commercial purposes in the US. Any help you can give would be appreciated. Gerard Monsen Integrated Litigation Solutions Oakland, CA __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Commercial SSL in the US
On Thu, 9 Mar 2000, Leland V. Lammert wrote: At 05:10 AM 3/9/00 , you wrote: Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor? Yes. It's called OpenSSL. Export regulations were relaxed this January, .. and while there are many issues to be resolved, it essentially means that WE can IMPORT anything in the public domain without a problem. You're talking about export controls, and he's asking about intellectual-property law. Different animals. W.r.t. RSADSI's code, "commercial use" probably means what RSADSI says it means. Their patent is still as valid as it ever was until late this year when it expires, so in the U.S. you have to use their code and obey their license until then. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Definitely NOT a lawyer. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
DSA certificate and cipher list setup?
I have created certificate and priv key as follows: openssl.exe dsaparam 512 -out dsa512.pem openssl req -config req.cnf -x509 -newkey dsa:dsa512.pem -out DsaCa.pem When I do SSL_connect ... and on the server side SSL_accept the accept call fails on c=ssl3_choose_cipher(s,s-session-ciphers, ssl_get_ciphers_by_id(s)); that is because currently I am not setting any ciphers... What should I use and set? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: urgent help
Can anyone help me with a proxy I am writing ? I would love to run a ssl proxy which gets a connection from an unencrypted connection then connect to a secure server and pass the data to the server encrypted, and pass the result back to the client. That I am able to do where I have problem is when I store the open SSL connection in a link list and then reuse it on subsequent connections from a different client. This is what happen, my proxy writes to the server then there is a getpid from the ssl library which then closes the connection. can some one explain why this happen. I hope I explained it well. Burtland
RE: Trouble building MSDOS version
With whom do I discuss these changes? I have added MSDOS switches to four files, and everything compiles. But I also had to change some switches in msdos.mak, and I don't understand what RANLIB is for, so I just commented it out for now. I grabbed unistd.h and stat.h from Bob Stout's SNIPPETS library (SNIP9707). All stat.h does is "#include sys\stat.h" where Micros~1 hides it. My next problem is translating the "ar r" commands to "LIB". Basically, it requires something like: O_CRYPTO= $(LIB_D)\lib$(CRYPTO) for each %o in $(CRYPTOOBJ); do LIB $(O_CRYPTO).lib +%o, $(O_CRYPTO).lst\; ; done But I doubt that I have the syntax correct. The semicolon after $(O_CRYPTO).lst is necessary to tell LIB that the command line is complete, so don't ask for any additional files (non-interactive form). If you don't want a listing file, everything between the comma and semi-colon can be skipped. There were some 'L's missing from shift constants in lines 226, 227 and 228 of crypto\des\set_key.c, but they weren't causing any of my problems. If I really understood all that I know about this stuff, this project might actually be fun. Thank you for listening. Bob McConnell -Original Message- From: Ulf Möller [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 09, 2000 11:47 AM To: Bob McConnell Cc: '[EMAIL PROTECTED]' Subject: Re: Trouble building MSDOS version On Thu, Mar 09, 2000 at 10:02:10AM -0500, Bob McConnell wrote: Looking at the source, it's obvious that it's not expecting to have MSDOS defined, the #IFDEF's only check for WIN32 and __ultrix. You'll have to add the relevent #ifdefs for MSDOS, there's no way around that. This is simple for bss_log.c because DOS has no logging facilities, but it's possible that there will be problems at other places as well. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Commercial SSL in the US
At 07:27 AM 3/10/00 , you wrote: Hiya, You could wait 'till Sept 20th this year when the RSA patents expire . . . . G. Or not, .. RSA *STILL* has the BSafe toolkit in the public domain, .. and it's license specifies that you can use it for any 'internal' use. *OUR* legal beagles tell me that 'internal use' includes anything for which we do not charge a fee, .. including using OpenSSL to secure our own servers. To *SELL* anything including or using the RSA toolkit, we would have to pay RSA a license. Some of the folks here happily mix the two, taking the 'trod upon' viewpoint, .. but I would recommend checking with your own lawyers to make a decision. Lee Leland V. Lammert[EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Commercial SSL in the US
Ulf Möller wrote: On Thu, Mar 09, 2000 at 11:10:24AM +, Gerard Monsen wrote: Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor? Yes, buying an inexpensive web server system. I think Redhat offers the cheapest one, but there are several vendors. RedHat Professional at $149.95 includes an SSL web server. Then of course you have to buy a certificate ;-) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Commercial SSL in the US
Rich Salz wrote: I don't know exactly what the original poster is trying to do, but you might want to get advice as to if your use violates US patent law. That is probably a more important issue than export. The RSA patent expires in September. Moot point if you purchase RedHat Pro, they've got an RSA license. BTW, I am not a Linux booster -- I'm a BSD proponent. But the solution to the problem is mind-blowingly simple. There's no need to try to skirt the patent issue if it's that cheap. Note also that the [soon to be discontinued] JWS 2.0 for $295.00 is a full-fledged SSL server, with the best servlet engine on the planet -- SSL only available on Solaris/SPARC (not Intel, alas) and NT (ack! ptooey!). Meanwhile, September 20, 2000... we'll see if there will be a flourishing of RSA (the algorithm) and a withering of RSA Security. I'm shorting RSAS stock. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
No Subject
__ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]