we are looking at moving from out Netscape Enterprise SSL web server and
going to Apache+SSL (Apache-ssl, Ben's SSL) anyhow..we want to do this
legally, and we know that RSA has some copyright issues....I thought this
would be a problem..but it might not be.
I looked at our current NES server was using, and RSA isn't on the list
(RC[24] and DES with MD5 and SHA message authentication is basically all
that is listed).
now...when I was on the phone with the RSA Tech, he said that in order to
Use OpenSSL with Apache+SSL, I would have to no include the rsaref, and rip
the RSA Crypto out of OpenSSL. Do I need to go that far? What if I just
specified the "-no-rsa" when I compile OpenSSL? Is there any RSA code in
the compiled version at that point?
Our main concerns are
1) we don't want to loose functionality. If RSA was being used before, we
still want it (was it being used before though?)
2) we want it implement the SSL legally.
If anyone has any insight into this, I would appreciate it. I looked in the
archives, and didn't see anything directly relating to this (then again, I
might have missed something also)
thanks.
benji
---
Benji Spencer
Web Programmer
Moody Bible Institute
312-329-2288
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
