At 03:54 AM 11/24/99 , you wrote:
> Didn't mean for this to run on so, but it's now the wee hours of
>a holiday eve. I beg your pardon for any pedantic airs that crept in;
>summary histories seem to foster them.
Vin,
Thank you for the excellent SSL history! Though there might be inaccuracies (of which
someone else may point out), I, for one, would be most interested if you can comment
on (or add to) the following options as I see them for a US based company that wishes
to build a SSL-based web server:
1) Purchase an Apache like Stronghold (at $1K+ not an option for a small company).
Completely legal in the US?
2) Build Apache with OpenSSL (or, as we did three years ago, with SSLeay). Legal for
non-commercial purposes in the US and questionable for e-commerce?
3) Purchase the RedHat Secure Server (as I commented earlier), .. though I did not
think to phrase that I was advocating using the RH SSL binaries and linking to a
standard Apache (which I have been told is completely legal). Legal, but may be
problematic merging standard Apache and RH implementations?
4) Install OpenBSD (though we have not used it, it appears to have the SSL libraries
built-in). Legal status unknown?
Since it is not practical for a small company to deal directly with RSA (or the like),
our only option at the time seemed to be #2, as the server was initially a 'test
site'. We need to rebuild the server in the near future, .. and I would be very
interested in pros and cons.
TIA,
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
