Subject: Re: what to put into cryptosrc-intl tree
To: None <tls@rek.tjls.com>
From: Simon J. Gerraty <sjg@quick.com.au>
List: tech-security
Date: 06/23/1999 20:27:19

> > Note that ssleay/openssl can be built patent-free with -DNO_RSA, -DNO_IDEA
> > etc.
> 
> Um, how does Open *SSL* work with -DNO_RSA?

Very well :-) IIRC SSL originally only catered for RSA, and certainly
NS and IE only support RSA, but SSL is used for lots of things other
than https.  The SSLv3 spec supports DSA certs, DH key agreement and
the whole thing can work ok with no patented s/w.

I do the firewalls for a big telco here in oz, and we set up a
DSA/DH/3DES environment specifically for a US-based company to be able
to talk to our proxies (my libsslfd makes adding SSL to anything easy
:-) without needing to pay $25k or so to RSA.

Also the IETF TLSv1 spec is essentially SSLv3 but does not mandate
support for RSA or any other patented s/w.

--sjg