httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Donovan <donov...@bellatlantic.net>
Subject Re: Thoughts on Camillia in openssl binaries?
Date Tue, 18 Sep 2007 20:19:55 GMT
William A. Rowe, Jr. wrote:
> Two questions, one technical one legal.
> 
> Technically, do we want to enable the Camillia algorithms in our
> binary builds of openssl 0.9.8 for win32 and other platforms where
> we might build it?
> 
> Legally are we satisfied by
> http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
> ?  There is a small clause about permission needed to export from
> JP, which would mean if a JP site redistributed our binary (e.g.
> reexported it) it might cause them a hassle.
> 
> Bill
> 
Seems reasonable in anticipation of it becoming supported in FireFox 3.

FYI - enabling camellia works well with Apache 2.2.4/mod_ssl on Windows 
to the NTT test site - https://info.isl.ntt.co.jp/crypt/eng/camellia. 
The selected Cipher Suite is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA.

On a slightly-related note; it might also be a good change to statically 
link zlib into OpenSSL to avoid the need for zlib1.dll.  Doing so adds 
about 40kb to the size of libeay32.dll vs. shipping the 58kb zlib1.dll.

I think rle compression (which is always available) or no-compression 
gets used for SSL in most cases anyway.  Many Windows users delete 
zlib1.dll and never notice its absence.

PERL Configure VC-WIN32 enable-camellia zlib 
--with-zlib-lib=../zlib/zlib.lib --with-zlib-include=../zlib

-tom-

Mime
View raw message