-----Original Message-----
From: olga <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, April 27, 1999 4:31 PM
Subject: Re: RSA licensing for OpenSSL usage?
>Ross,
>
>On 27-Apr-99 Ross Foard wrote:
>> Olga,
>>
>> Did you get any responses to this question? Because of the unclear (to
me)
>> nature of the RSA licensing I am using an evaluation of Covalent Raven
while
>> try
>> to understand the licensing issues. In the past I have always used
Netscape
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>It seems to me that while using Raven you still need a license and this
could
>mean buying (and using???) BSAFE.
Covalent is an RSA licensee (as are C2Net -- makers of the Stronghold
webserver, and Red Hat -- makers of Red Hat Secure Web Server). You can use
any of the RSA licensed vendors' Apache/SSL implementations for commercial
use; the vendor has paid RSA for you, in advance. However, there may be
restrictions on exactly what you're able to do with the software.
For instance, Red Hat distributes their Red Hat Secure Web Server product as
a full httpd binary with SSL (a somewhat outdated version of mod_ssl)
statically compiled in. They also distribute the Apache sources, BUT NOT
SOURCE OR BINARY for the ssl module; the result is that you can compile (as
DSO's) third party modules that require Apache sources even to compile as a
DSO, but you can't compile other modules for static linking with your secure
Apache or upgrade your secure apache yourself, period (someone involved with
the project at Red Hat informed me that now that mod_ssl has DSO support,
this may change).
Other vendors may have their own strange licensing agreements with RSA.
C2Net used to distribute Stronghold as Apache (with source), their own
patches to Apache, and a binary-only ssl module, so you could compile other
modules in statically (but you couldn't upgrade Apache, because then their
patches which provided the interface to the ssl module wouldn't apply
correctly). Of course, Stronghold (at the time that I used it) came with a
$1000 price tag, as opposed to RHSWS's $100 price. With the release of
Stronghold 2.4 I'm not sure how it works any more.
Hope this clears things up a little,
Dave Neuer
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
