Alan Pogrebinschi wrote:
>
> Hi.
>
> At Apache-SSL website it says that Apache-SSLcan be linked to SSLeay or
> OpenSSL. I know that using SSLeay for commercial ends in the U.S. is not
> legal.
That while being correct is not he whole truth. AFAIK, using SSLeay is
fine
as long as you prchase and use the rsa implementation from RSADSI.
>
> My question is: if I link Apache-SSL to OpenSSL (and not to SSLeay) will it
> be legal for commercial use even in the U.S. ??
Due to the stuff stated above it makes no difference whether you use
OpenSSL
or SSLeay, you need to license a RSADSI product. I am not sure if you
have to
_use_, but you have to _pay_ for it.
> PS: off topic: My company is located in Brazil and our server is in the US.
> I never know for sure if I should use the international or U.S. versions of
> crypto software. Anyone knows?
You may use the US version on the server, but if you are doing any
encrypted
operations from brazil you will have to ensure that you are not using
any
strong encryption while doing so. So it depends on what you are doing
from your
server. If it is web-stuff, a US server might help, since you
US-custemers
might be able to use strong encryption. If your customers are ouside
US/Can
then you might want to avoid the hassles as nobody can connect to it
anyway.
Or you get non-US security proxies, that will allow non-US people to
connect to
you US strong crypto apache.
mfg lutz
--
*******************************************************************
Lutz Behnke Tel.: 040 / 766 29 1423
TC TrustCenter for Security Fax.: 040 / 766 29 577
in Data Networks GmbH email: [EMAIL PROTECTED]
Am Werder 1
21073 Hamburg, Germany
S/MIME Cryptographic Signature
