Re: RSA Security and Red Hat, Inc. Sign Licensing Agreement

Tue, 30 Nov 1999 02:29:43 -0800 

This isn't quite true - you can compile OpenSSL to be copyright free. 
However, as far as I know (and my knowledge is a bit out-of-date, so
this may have changed), this then leaves SSL with cipher suites which
are not supported by the common browsers.  So you can only write secure
applications that do not talk to browsers.  But you can still use SSL,
if both ends of the connection have a comprehensive (ie OpenSSL)
implementation.

Sorry if this repeats stuff - I've just re-subscribed to the list after
having not read it for a long time (since SSLeay, I guess).

Andrew

"Aaron D. Turner" wrote:
> After about 2 weeks worth of research (talking to this list, RSA,
> our lawyers, etc) I found that if your a company in the US, and you
> want SSL to talk to IE or Netscape, you have to either:
> 
> - Break the law
> 
> or
> 
> - Buy a license from RSA (very expensive)
> 
> or
> 
> - Buy a commercial SSL implimentation (not cheap, but about 100 times
> cheaper than getting a license from RSA)
> 
> Using only des/des3 won't work because you need a PK algorithm to
> exchange the des/des3 keys.
> 
> --
> Aaron Turner        [EMAIL PROTECTED]  650.237.0300 x252
> Security Engineer                         Vicinity Corp.
> Cell: 408-314-9874  Pager: 650-317-1821   http://www.vicinity.com
> 
> On Wed, 24 Nov 1999, Tim Riker wrote:
> 
> > OK, so what is a distributor to do? ;-)
> >
> > In short: Is it possible to build OpenSSL without and code that is
> > patent infringed, and still have it talk to Netscape and M$IE? What if I
> > did:
> >
> > ./Configure --prefix=/usr --openssldir=%{openssldir} linux-elf \
> >     no-bf no-idea no-rc2 no-rc4 no-rc5 no-rsa no-sha
> >
> > to get just des/des3, is that enough? (the astute will notice that this
> > will not build, but hey) It should be ok to leave in blowfish, but
> > M$IE/Netscape do not have blowfish anyway right?
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to