On Sat, 6 May 2000, Begone Flame wrote:
[Since this is firewalls, I'll parse that as "BegOne Flame" ;)]

> Hello, I am new to the SSL arena and I require some information that might
> seem basic. I am wondering if one can use the SSL protocol without

Netscape's site still has all the SSL resources you'd probably want to
read. Search their developer's section.

> requiring that the server certificate be signed by a third party. What I am

Yes, however unless the CA's certificate is in the browser, users will
have an extra scary prompt before they can connect. Most of this stuff is
covered in the SSL FAQ, which is easily findable with any popular Web
search engine.

> also wondering is if there are any server packages out there written for
> win32 that are free; if not I would like to know which server
> implementations are the cheapest.

In the United States, RSA [the algorithm] is patent encumbered until this
fall, so you'll need to pay RSA [the company] to use SSL that contains
RSA [the algorithm] or certificate generation that does the same. You may
be able to get around this by linking with RSAREF [the library], but
you'll want to check with a competent intellectual property attorney
prior to doing so.

I don't know if the Diffie-Hellman stuff is in the V2 specification or
which if any browsers support it- I stopped having to worry about such
things a while back, but that's an area you might want to research.

You'll need both certificate recognition as well as connection initiation
support to really use both without paying RSA [the company] to use their
patented material.

I don't know if SSLeay will build on Win32, but if it does, removing the
patent encumbered code and doing the usual Apache mods on the Win32
version should work. If not, you might be able to use the NT Crypto API
in place of the usual Apache crypto patches.

You could also run Roxen or Apache with crypto patches in front of a
privacy-stupid Win32 box that only the *nix box could talk to. I have no
idea of the status of using Roxen in the US and patents. Several people
used to sell Linux-based SSL-ized servers for less than USD$100. I can't
imagine IIS doesn't support SSL (though I also can't imagine running a
site on IIS)- dunno if/what it would cost though.

I expect that in just over four months certificate generation and server
modification will get significantly more popular. I know I'll start
issuing certs and rebuilding all my Web servers as soon as I'm legally
able. If you're outside the US, you'll need to check to see if the patent
issue is relevant in your jurisdiction. For instance, I've seen varying
things on Canada being and not being covered, though I couldn't find a
patent myself last time I looked.

O'Reilly Associates used to sell a Windows based server, I don't know if
it has SSL or not though. Netscape sells one, but it's always been
expensive when I've looked.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."