- OpenSSL 0.9.1c 23-Dec-1998
+ OpenSSL 0.9.5-dev xx XXX 2000
- Copyright (c) 1998 The OpenSSL Project
- Copyright (c) 1995-1998 Eric Young
+ Copyright (c) 1998-2000 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
- ....
+ DESCRIPTION
+ -----------
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
- Transport Layer Security (TLS v1) and Secure Sockets Layer (SSL v2/v3)
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is managed
by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL tookit and its related documentation.
+ plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
- and Tim J. Hudson. The OpenSSL toolkit is licensed under a BSD-style licence,
- which basically means that you are free to get and use it for commercial and
- non-commercial purposes.
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.
- The package includes:
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
libssl.a:
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
- both SSLv2, SSLv3 and TLSv1 in the one server.
+ both SSLv2, SSLv3 and TLSv1 in the one server and client.
libcrypto.a:
- General encryption and X.509 stuff needed by TLS/SSL but not actually
- logically part of it. It includes routines for the following:
+ General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+ actually logically part of it. It includes routines for the following:
Ciphers
libdes - EAY's libdes DES encryption package which has been floating
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is polular on smart cards.
+ MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
RSA encryption/decryption/generation.
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
- Programs in this package include:
+ openssl:
+ A command line tool which provides the following functions:
enc - a general encryption program that can encrypt/decrypt using
one of 17 different cipher/mode combinations. The
req - Manipulate PKCS#10 certificate requests and also
generate certificate requests.
genrsa - Generates an arbitrary sized RSA private key.
+ gendsa - Generates DSA parameters.
gendh - Generates a set of Diffie-Hellman parameters, the prime
will be a strong prime.
ca - Create certificates from PKCS#10 certificate requests.
This program also maintains a database of certificates
issued.
verify - Check x509 certificate signatures.
- speed - Benchmark SSLeay's ciphers.
+ speed - Benchmark OpenSSL's ciphers.
s_server- A test SSL server.
s_client- A test SSL client.
s_time - Benchmark SSL performance of SSL server programs.
- errstr - Convert from SSLeay hex error codes to a readable form.
+ errstr - Convert from OpenSSL hex error codes to a readable form.
+ nseq - Netscape certificate sequence utility
-To install this package, read the INSTALL file.
-For the Microsoft world, read INSTALL.W32 file.
-
-For people in the USA, it is possible to compile SSLeay to use RSA Inc.'s
-public key library, RSAref. From my understanding, it is claimed by RSA Inc.
-to be illegal to use my public key routines inside the USA. Read
-doc/rsaref.doc on how to build with RSAref.
-
-Read the documentation in the doc directory. It is quite rough, but it lists
-the functions, you will probably have to look at the code to work out how to
-used them. I will be working on documentation. Look at the example programs.
-
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
+
+ RSA Data Security holds software patents on the RSA and RC5 algorithms. If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.
+
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file. For
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
+
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
+
+ Read the documentation in the doc/ directory. It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
+
+ SUPPORT
+ -------
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Remove ASM versions of libraries
+ - Remove compiler optimisation flags
+ - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+ before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+ OpenSSL Details
+ - Version, most of these details can be got from the
+ 'openssl version -a' command.
+ Operating System Details
+ - On Unix systems: Output of './config -t'
+ - OS Name, Version
+ - Hardware platform
+ Compiler Details
+ - Name
+ - Version
+ Application Details
+ - Name
+ - Version
+ Problem Description
+ - include steps that will reproduce the problem (if known)
+ Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+ openssl-bugs@openssl.org
+
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers.)
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch