Restricted IP crypto in OpenSSL

Dagmar d'Surreal dagmar.wants at
Thu Jun 5 00:15:38 PDT 2003

In the course of trying to update someone's machine that's _really_
behind, I noticed that RH's openssl srpm has a script in it to yank out
("hobble" is the word alright) the three cryptographic methods that
aren't kosher to use inside the US due to intellectual property
constraints (longhand for "copyrighted methods").  I'm somewhat
embarrassed to admit that I've known about it and never bother to remove
them from the library in my own builds, mainly because I try to get
everything to use either twofish, blowfish, or RSA when I can so those
methods just don't get used by me.

Is BLFS going to address doing that with OpenSSL with a patch or a
mention or is it going to be left up to the user to figure things out on
their own?  It's something I think should probably be at least
mentioned, but it's going to be three weeks or more before I can get
back to that.  I figured I'd mention it while it was still fresh in my
mind and maybe someone else can jump on this...

The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar  Jabber: evilDagmar at

Unsubscribe: send email to listar at
and put 'unsubscribe blfs-dev' in the subject header of the message

More information about the blfs-dev mailing list