On Tue, Oct 12, 1999, David C. Snyder wrote:
> I would like to use mod_ssl enabled Apache to host a few small
> e-commerce web sites in the US. Unfortunately, the instructions for
> building mod_ssl (INSTALL) indicate that it is mandatory for
> US-citizens to link openssl and mod_ssl with RSAref-2.0.
>
> I talked to someone in licensing at RSA, and they indicated that it
> is illegal to use RSAref-2.0, commercially or not, in the US. They
> said that I would need to license their "Crypto-C" library.
>
> I am hoping that they simply misunderstood my intentions. I don't
> plan to "sell" any software, nor do I plan to charge extra for the use
> of the SSL enabled Apache that will on my web server. (My prices for
> hosting SSL enabled domains are the same as for non-SSL domains.)
>
> Given this situation, is it necessary to purchase a license in order
> to legally operate a mod_ssl enabled Apache in the US?
Forget talking to RSA DSI, experiences of mod_ssl users showed that they
always just have an "answer of the month". Nevertheless you _HAVE_ to license
RSA from them - yes. But read the README.Patents document in the mod_ssl
distribution for a few hints...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
