[lug] Stronghold my only APACHE SSL option?

Andrew Diederich andrew at netdelivery.com
Tue Mar 14 13:48:14 MST 2000


On Tue, Mar 14, 2000 at 12:43:30PM -0700, Hugh Brown wrote:
> openSSL is another SSL package for apache.  Don't know about the
> legality issues.
> 
> 
> NEWHOPE wrote:
> > 
> > Is stronghold my only SSL software option if I want to use SSL on APACHE?  I
> > will either be using Red Hat or Solaris for a new web server, and the last
> > step in the decision relates to SSL.
> > 
> > Someone told me that some of the SSL Apache modules are illegal in the US,
> > is that true?
> > 
Well, according the O'Reilly Apache book, p 222 in the Security chapter:
"The next, and easiest step of all, is to decide whether you are in the
United States and Canada or the rest of the world. Then follow these
guidelines:

US/Canada
You ahve two chioces. You can get a commercial SSL-enabled web server,
or you can do what the rest of the world does (see below), noting only
that you need to get a license to use RSA's patents if you want to make
money out of your SSL-enabled Apache (see www.rsa.com).

In the rest of the world
If your deliberations lead you to believe that you are in the rest of the
world,
proceed as described in the following sections."

Get SSLeay, etc.

Hope this helps.

> > Any opinions, resources, experience, etc appreciated.
> > 
> > Thanks,
> > 
> > Peter Janett
> > 
> > New Media One Web Services
> >   ~Professional results with a personal touch~
> >       http://www.newmediaone.com
> >       webmaster at newmediaone.com

--
Andrew
"whoo-hoo!  I answered one!"
-me





More information about the LUG mailing list