From owner-freebsd-questions  Tue Apr 22 10:09:55 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id KAA25433
          for questions-outgoing; Tue, 22 Apr 1997 10:09:55 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA25426
          for <questions@freebsd.org>; Tue, 22 Apr 1997 10:09:51 -0700 (PDT)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.5/8.7.3) with UUCP id LAA15356; Tue, 22 Apr 1997 11:07:53 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id LAA14400; Tue, 22 Apr 1997 11:05:24 -0600 (MDT)
Date: Tue, 22 Apr 1997 11:05:23 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
To: abbott at MPCA <jabbott@wolf.co.net>
cc: Steve <shovey@buffnet.net>, Artem Koutchine <matrix@norilsk.ru>,
        questions@freebsd.org
Subject: Re: Secure HTTP
In-Reply-To: <335C8712.62319AC4@wolf.co.net>
Message-ID: <Pine.BSF.3.95.970422104204.12849E-100000@alive.znep.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 22 Apr 1997, abbott at MPCA wrote:

> Steve wrote:
> > 
> > Apache doesnt have secure server services - stronghold does.
> 
> No, that is not true.  Apache, with the addition of SSLeay provides
> everything that Stronghold does.  What you paid for with Stronghold is
> everything all put togeather in one package plus a telephone number to
> call and complain when it does not work.  Both valuable things.  I
> popped for stronghold too.  I was never able to get SSLeay to work
> right.

There are some Apache-SSL patches that allow Apache to work with SSLeay. 
However, to work with common clients you need to use a cipher (RC2/RC4) 
which RSA claims patents on in the US.  This means that to use it
commercially within the US you need to have a license from RSA. 

With Stronghold, the vendor has put the Apache-SSL patches in and have
obtained the required licensing to use it in the US.  On top of this,
they have done a bunch of other things that the freely available patches
do not include.. 

Something of a summary is available at:

	http://www.apacheweek.com/features/ssl/