Hello all. Just joined the list, but thought I'd put in my 2 cents about RSA.

Back before I grew a brain and migrated to Apache, I was running several Netscape Enterprise servers on an intranet and wanted to keep traffic to it private. Being the low-level gumby that I am, I knew that my superiors (?) wouldn't approve the $$ for a server certificate. In steps SSLeay. Got everything humming along within a day or so when the licensing issue hit me. Let me say that my first inclination was to drop any RSA algorithms and use DSA, but IE didn't support it.

So I called RSA and told them I wanted to license their encryption algorithms. After being transferred half a dozen times, I got to someone who tried to tell me that I had to buy support for the BSafe dev kit. I told them, no, and they finally fessed up that I could just license the algorithms that were being used by SSLeay.

Now the issue was which kind of licensing. The cheapest option was to get a 1-5 machine license at $3000 for a year or $6000 for life. Kinda curious how the lifetime license is the same as (yearly license * number of years left in the patent).

Anywho, since all I wanted to do was create certificates for existing NS servers, we agreed that even though I might have 200 servers and 1M clients on those servers, the only licensing issues were concerning the creation of the certificates. This is because NS has already licensed the RSA algorithms for the servers and the browsers. The only unlicensed use of the algs was in signing the server certificate requests. Since I only needed one machine to do this, I could get the 1-5 machine license. Never got around to it though.

Since I've been migrating to Apache, I've been looking at Raven by Covalent Tech, which is apparently derived from mod_ssl. Their license (including RSA) is under $400 for life.
According to one of the Covalent people, the license that comes with Raven entitles the user to generate/sign certificates, but I don't know if it would carry over to the use of SSLeay/mod_ssl on multiple servers. I'm hoping to get the RSA part of the license text to verify its agreement.

Kind of long-winded for a first post, but I figured maybe someone else could benefit from the days I spent fighting the issue.

-Brad Waite

______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
