Forum OpenACS Q&A: SSL?

1: SSL?

Posted by Babak Ashrafi on 08/15/00 04:11 PM

What are folks using for security? It is going to take a chunk of our
grant to use SSL for a few years -- and after our grant runs out we
will not be able to maintain the functionality that SSL allowed us to
develop. So what is a (legal-in-the-US) alterntive to SSL?

2: Response to SSL? (response to 1)

Posted by Richard Li on 08/15/00 04:16 PM

Are you referring to SSL in AOLserver? Export-grade (56-bit I believe) SSL is available for free download. For 128-bit encryption, you have to currently purchase a BSAFE library, but the RSA patent expires this year, at which point it will be free.

3: Response to SSL? (response to 1)

Posted by Babak Ashrafi on 08/15/00 05:57 PM

Yeah, the binary for FreeBSD was compiled for FBSD3.4, and the makefile says "FreeBSD does not yet support SMP -- evidently a FreeBSD 4.x release will." Our current server is a dual CPU machine running FBSD4.1. That's why I wanted to compile aolserver myself. I don't suppose I could get the export version of BSAFE to compile against? Or can I just move nsssle.so and use it without re-compiling all of aolserver?

4: Response to SSL? (response to 1)

Posted by Li-fan Chen on 08/15/00 07:39 PM

Babak, be sure to also check ArsDigita's Web/DB forum and AOLserver's community site for the past discussions regarding SSL and AOLserver.

5: Response to SSL? (response to 1)

Posted by Don Baccus on 08/15/00 07:43 PM

Yes, check each of those two, there are hacks available that center around buying (say) RedHat's secure webserver (or whatever they call it) retail package for about $90, taking out the BSAFE library, and then using it with AOLserver.

It's all perfectly legal because the RedHat distro includes a binary license to use BSAFE (that's one reason it's relatively expensive) and there's no license restriction regarding using it only with Apache or whatever.

I think this is discussed in the most detail on the AOLserver mailing list. It's an AOlserver, not OpenACS issue...