Subject: Re: openssl w/o rc5 & idea, was Re: openssl like in NetBSD
To: None <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 09/26/2001 21:44:53
On Fri, 28 Sep 2001 firstname.lastname@example.org wrote:
> >Well, I'd like to use netbsd's pkgsrc to make packages in a commercial
> >product. Some of the packages I'm interested in use openssl, so I'd like
> >to have the commercially-usable version. I also want to minimize drift
> >between my pkgsrc and NetBSD's. When I suggested making an
> >openssl-commercial, I was told instead to just rip out idea & rc5 instead.
> I vote for openssl-commercial.
Ok. That works too.
> >Also, I'm basing my decision to limit things to no-idea and no-rc5 on
> >comments from the openssl web site. So while I'm not using a review from
> >an in-house lawyer, I am going with what a lot of other folks are doing.
> do you have any URLs for the "comments"?
1. Do I need patent licenses to use OpenSSL?
The patents section of the README file lists patents that may apply to you
if you want to use OpenSSL. For information on intellectual property
rights, please consult a lawyer. The OpenSSL team does not offer legal
You can configure OpenSSL so as not to use RC5 and IDEA by using
./config no-rc5 no-idea
They list patents on the RSA, RC5, and IDEA algorithms. They list RC4 as
being trademarked by RSA Inc.
So I think no-rc5 and no-idea are enough.