| Ulf Möller | f9a7c34 | 2000-02-23 17:03:06 +0000 | [diff] [blame] | 1 | OpenSSL - Frequently Asked Questions |
| 2 | -------------------------------------- |
| 3 | |
| 4 | * Where is the documentation? |
| 5 | * How can I contact the OpenSSL developers? |
| Ulf Möller | c1ce32f | 2000-02-23 17:09:50 +0000 | [diff] [blame] | 6 | * Do I need patent licenses to use OpenSSL? |
| Ulf Möller | f9a7c34 | 2000-02-23 17:03:06 +0000 | [diff] [blame] | 7 | * Is OpenSSL thread-safe? |
| 8 | * Why do I get a "PRNG not seeded" error message? |
| Ulf Möller | 2b670ea | 2000-02-23 19:26:59 +0000 | [diff] [blame^] | 9 | * Where can I get a compiled version of OpenSSL? |
| Ulf Möller | f9a7c34 | 2000-02-23 17:03:06 +0000 | [diff] [blame] | 10 | |
| 11 | |
| 12 | * Where is the documentation? |
| 13 | |
| 14 | OpenSSL is a library that provides cryptographic functionality to |
| 15 | applications such as secure web servers. Be sure to read the |
| 16 | documentation of the application you want to use. The INSTALL file |
| 17 | explains how to install this library. |
| 18 | |
| 19 | OpenSSL includes a command line utility that can be used to perform a |
| 20 | variety of cryptographic functions. It is described in the openssl(1) |
| 21 | manpage. Documentation for developers is currently being written. A |
| 22 | few manual pages already are available; overviews over libcrypto and |
| 23 | libssl are given in the crypto(3) and ssl(3) manpages. |
| 24 | |
| 25 | The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a |
| 26 | different directory if you specified one as described in INSTALL). |
| 27 | In addition, you can read the most current versions at |
| 28 | <URL: http://www.openssl.org/docs/>. |
| 29 | |
| 30 | For information on parts of libcrypto that are not yet documented, you |
| 31 | might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's |
| 32 | predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much |
| 33 | of this still applies to OpenSSL. |
| 34 | |
| 35 | The original SSLeay documentation is included in OpenSSL as |
| 36 | doc/ssleay.txt. It may be useful when none of the other ressources |
| 37 | help, but please note that it reflects the obsolete version SSLeay |
| 38 | 0.6.6. |
| 39 | |
| 40 | |
| 41 | * How can I contact the OpenSSL developers? |
| 42 | |
| 43 | The README file describes how to submit bug reports and patches to |
| 44 | OpenSSL. Information on the OpenSSL mailing lists is available from |
| 45 | <URL: http://www.openssl.org>. |
| 46 | |
| 47 | |
| Ulf Möller | c1ce32f | 2000-02-23 17:09:50 +0000 | [diff] [blame] | 48 | * Do I need patent licenses to use OpenSSL? |
| Ulf Möller | f9a7c34 | 2000-02-23 17:03:06 +0000 | [diff] [blame] | 49 | |
| 50 | The patents section of the README file lists patents that may apply to |
| 51 | you if you want to use OpenSSL. For information on intellectual |
| 52 | property rights, please consult a lawyer. The OpenSSL team does not |
| 53 | offer legal advice. |
| 54 | |
| 55 | You can configure OpenSSL so as not to use RC5 and IDEA by using |
| 56 | ./config no-rc5 no-idea |
| 57 | |
| 58 | Until the RSA patent expires, U.S. users may want to use |
| 59 | ./config no-rc5 no-idea no-rsa |
| 60 | |
| 61 | Please note that you will *not* be able to communicate with most of |
| 62 | the popular web browsers without RSA support. |
| 63 | |
| 64 | |
| 65 | * Is OpenSSL thread-safe? |
| 66 | |
| 67 | Yes. On Windows and many Unix systems, OpenSSL automatically uses the |
| 68 | multi-threaded versions of the standard libraries. If your platform |
| 69 | is not one of these, consult the INSTALL file. |
| 70 | |
| 71 | Multi-threaded applications must provide two callback functions to |
| Ulf Möller | be7ae17 | 2000-02-23 18:10:42 +0000 | [diff] [blame] | 72 | OpenSSL. This is described in the threads(3) manpage. |
| Ulf Möller | f9a7c34 | 2000-02-23 17:03:06 +0000 | [diff] [blame] | 73 | |
| 74 | |
| 75 | * Why do I get a "PRNG not seeded" error message? |
| 76 | |
| 77 | Cryptographic software needs a source of unpredictable data to work |
| 78 | correctly. Many open source operating systems provide a "randomness |
| 79 | device" that serves this purpose. On other systems, applications have |
| 80 | to call the RAND_add() or RAND_seed() function with appropriate data |
| 81 | before generating keys or performing public key encryption. |
| 82 | |
| 83 | Some broken applications do not do this. As of version 0.9.5, the |
| 84 | OpenSSL functions that need randomness report an error if the random |
| 85 | number generator has not been seeded with at least 128 bits of |
| 86 | randomness. If this error occurs, please contact the author of the |
| 87 | application you are using. It is likely that it never worked |
| 88 | correctly. OpenSSL 0.9.5 makes the error visible by refusing to |
| 89 | perform potentially insecure encryption. |
| Ulf Möller | 2b670ea | 2000-02-23 19:26:59 +0000 | [diff] [blame^] | 90 | |
| 91 | |
| 92 | * Where can I get a compiled version of OpenSSL? |
| 93 | |
| 94 | Some applications that use OpenSSL are distributed in binary form. |
| 95 | When using such an application, you don't need to install OpenSSL |
| 96 | yourself; the application will include the required parts (e.g. DLLs). |
| 97 | |
| 98 | If you want to install OpenSSL on a Windows system and you don't have |
| 99 | a C compiler, read the "Mingw32" section of INSTALL.W32 for information |
| 100 | on how to obtain and install the free GNU C compiler. |
| 101 | |
| 102 | A number of Linux and *BSD distributions include OpenSSL. |
