Forum OpenACS Q&A: SSL?

Collapse
1: SSL?
Posted by Babak Ashrafi on
What are folks using for security?  It is going to take a chunk of our
grant to use SSL for a few years -- and after our grant runs out we
will not be able to maintain the functionality that SSL allowed us to
develop.  So what is a (legal-in-the-US) alterntive to SSL?
Collapse
2: Response to SSL? (response to 1)
Posted by Richard Li on
Are you referring to SSL in AOLserver? Export-grade (56-bit I believe) SSL is available for free download. For 128-bit encryption, you have to currently purchase a BSAFE library, but the RSA patent expires this year, at which point it will be free.
Collapse
3: Response to SSL? (response to 1)
Posted by Babak Ashrafi on
Yeah, the binary for FreeBSD was compiled for FBSD3.4, and the makefile says "FreeBSD does not yet support SMP -- evidently a FreeBSD 4.x release will."  Our current server is a dual CPU machine running FBSD4.1.  That's why I wanted to compile aolserver myself.  I don't suppose I could get the export version of BSAFE to compile against?  Or can I just move nsssle.so and use it without re-compiling all of aolserver?
Collapse
4: Response to SSL? (response to 1)
Posted by Li-fan Chen on
Babak, be sure to also check ArsDigita's Web/DB forum and AOLserver's community site for the past discussions regarding SSL and AOLserver.
Collapse
5: Response to SSL? (response to 1)
Posted by Don Baccus on
Yes, check each of those two, there are hacks available that center  around buying (say) RedHat's secure webserver (or whatever they call it) retail package for about $90, taking out the BSAFE library, and then using it with AOLserver.

It's all perfectly legal because the RedHat distro includes a binary license to use BSAFE (that's one reason it's relatively expensive) and  there's no license restriction regarding using it only with Apache or whatever.

I think this is discussed in the most detail on the AOLserver mailing list.  It's an AOlserver, not OpenACS issue...