"Leland V. Lammert" <[EMAIL PROTECTED]> writes:
> 1) Purchase an Apache like Stronghold (at $1K+ not an option for a small company).
>Completely legal in the US?
Frankly, I find this baffling. I work for a small company (two people)
and we bought well over 3K in computers and software last year. If
you can afford computers, Internet service, and a web site, you
should be able to fork over $1K for a web server.
> 2) Build Apache with OpenSSL (or, as we did three years ago, with
> SSLeay). Legal for non-commercial purposes in the US and
> questionable for e-commerce?
Can be used consistent with the RSAREF license -- i.e. illegal for
commerce.
> 3) Purchase the RedHat Secure Server (as I commented earlier),
> .. though I did not think to phrase that I was advocating using the
> RH SSL binaries and linking to a standard Apache (which I have been
> told is completely legal). Legal, but may be problematic merging
> standard Apache and RH implementations?
I don't know if this will work (i.e. if the RH secure server is
packaged in such a way that this is technically possible.) Moreover,
I don't know that it's legal.
> 4) Install OpenBSD (though we have not used it, it appears to have
> the SSL libraries built-in). Legal status unknown?
Illegal.
> Since it is not practical for a small company to deal directly with
> RSA (or the like), our only option at the time seemed to be #2, as
> the server was initially a 'test site'. We need to rebuild the
> server in the near future, .. and I would be very interested in pros
> and cons.
You've missed at least one interesting option: use IIS on Windows. You
get SSL with RSA for free.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
