-----Original Message-----
From: David Hajoglou <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Tuesday, April 27, 1999 8:04 PM
Subject: While there is a discussion on RSA
>
>I am following the INSTALL.SSL instructions with apache_1.3.6. These
>instructions say that I should use RSA. Do I really need to? Can I skip
>it and still operate a comercial server with just apache/mod_ssl
>and openssl?
>
>
>Thank You
>-hojo
>
You cannot operate a commercial server (defined as one that generates income
for you in any way -- i.e., you do e-commerce with the server, or you are an
ISP that offers secure sites) in the US, WITH OR WITHOUT RSAREF, without
violating RSA's patents.
All browser-supported SSL ciphersuites use RSA, AFAIK. To use SSL legally
in the US for commercial purposes, you must either license BSAFE from
RSADSI, or buy a commercial Apache+SSL (from C2Net, Covalent, or Red Hat).
Dave Neuer
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
