William A. Rowe, Jr. wrote:
Two questions, one technical one legal.
Technically, do we want to enable the Camillia algorithms in our
binary builds of openssl 0.9.8 for win32 and other platforms where
we might build it?
Legally are we satisfied by
http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
? There is a small clause about permission needed to export from
JP, which would mean if a JP site redistributed our binary (e.g.
reexported it) it might cause them a hassle.
Bill
Seems reasonable in anticipation of it becoming supported in FireFox 3.
FYI - enabling camellia works well with Apache 2.2.4/mod_ssl on Windows
to the NTT test site - https://info.isl.ntt.co.jp/crypt/eng/camellia.
The selected Cipher Suite is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA.
On a slightly-related note; it might also be a good change to statically
link zlib into OpenSSL to avoid the need for zlib1.dll. Doing so adds
about 40kb to the size of libeay32.dll vs. shipping the 58kb zlib1.dll.
I think rle compression (which is always available) or no-compression
gets used for SSL in most cases anyway. Many Windows users delete
zlib1.dll and never notice its absence.
PERL Configure VC-WIN32 enable-camellia zlib
--with-zlib-lib=../zlib/zlib.lib --with-zlib-include=../zlib
-tom-
