On 09/13/99, Raynard A. Jong said:
>I thought all I needed to do was build it using RSAref, but now I am not
>so sure.  I saw that even with the Configure options rsaref, that RC4 is
>used unless I also include no-RC4.   (Note that just adding the no-RC4
>option to the Configure command line resulted in errors in the build.  To
>build the code, I had to manually edit the Makefile.ssl to prevent the
>build from proceeding in the crypto/rc4 subdirectory.)

RSAref is provided for non-commercial use of the algorithm.  Using it doesn't
produce a patent-free version.  Rather, you just end up using a version of
their software that they allow for non-commercial purposes.  

To be RSA clean, you'd have to remove:

RSA
RC2
RC5

RC4 is a bit of a curiosity, because while it's not actually patented, the name
'RC4' is trademarked, and using it in a commercial product could almost certainly
bring a lawsuit.  You will see it repackaged as 'ARCFOUR' to avoid the trademark
problem.

If you want to be really squeaky clean, leave RC4 out too.

>Can anyone tell me what are the actual options I should use to build a
>version of OPENSSL that will avoid the RSA patented stuff that we are not
>supposed to use in the US without paying a fee to RSA?
>
>Is
>       Configure rsaref no-RC4
>sufficient, or are there other cyphers (eg. RC5) that need to be included
>in the "no" list.

I'd say:  Configure no-rsa no-rc2 no-rc4 no-rc5 no-idea

Should leave you in pretty good shape.  Don't forget about IDEA, that's 
patented too.

--Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
