		SSLeay DSA builds for use in the USA
		------------------------------------

	Windows NT and 3.1 binaries for EDH-DSS-DES.
	Built by Clifford Heath, cjh@osa.com.au, Feb 24 1998.

These files contain the scripts and shared libraries for SSLeay-0.8.1 on
Windows NT and Windows 3.1, supporting only algorithms which are thought
not to be claimed as patented or trade secret. They are offered in the
hope that they will save someone else a) the work of building them,
and b) the legal liability that may be imposed by abusing proprietry
intellectual property rights. No warrantee is given or implied. Get
your own advice as to whether this software is legal to use in your
geography. Build the software yourself (using the batch and .DEF files
provided) if you don't trust the binaries. I have tested only the
Windows 3.1 builds, but previous NT builds tested ok.

I use these with the cipher-suite EDH-DSS-DES-CBC3-SHA. Be warned that
to use this suite securely you need a good random number generator on
the server, not just on the client. A poor RNG on the client may result
in the session being insecure, whereas a poor RNG on the server can
expose the server's private key, allowing spoofing.

Files:
------

This package (one of two) contains 16 bit or 32 bit files as follows:

README:
	This file.

w16usa.bat, w32usa.bat:
	A one-line .BAT file that runs perl to make a makefile for
	a vanilla SSLeay-0.8.1 source tree, using the appropriate
	configuration options for compiling with VisualC 1.5.2C and
	VisualC 5.0 on Windows 3.1 and Windows NT respectively.

eayusa16.def, eayusa32.def:
sslusa16.def, sslusa32.def:
	Cutdown versions of the DLL exports definition file, to be
	copied over, respectively, libeay16.def, libeay32.def, ssleay16.def,
	and ssleay32.def in the "ms" subdirectory.

msw16, msw32:
	Contents of the "out" directory after the build, including .LIB
	import libraries and .DLLs.

You may wish also to check the PGP detached signatures for of the ZIP files,
which should be in SSLeay-0.8.1-DSA-msw16.pgp and SSLeay-0.8.1-DSA-msw32.pgp

Configuration:
--------------

The batch files instruct perl to configure the following:
	no-md2	- MD2 is considered weak
	no-sha	- You should use sha1
	no-mdc2	- I didn't need it.  It's not widely used.
	no-rc2	- Resembles an RSADSI proprietry algorithm
	no-rc4	- Resembles an RSADSI proprietry algorithm
	no-idea	- Patented in the USA, Japan and Europe by ASCOM
	no-bf	- Not needed.
	no-rsa	- Patented by RSADSI

Note that md5 is still required for the CApath directory hashing.
Additionally, since the remaining ciphers cannot operate with SSLv2,
that is disabled.

The DLLs use the same entry-point numbers as the standard full SSLeay build,
and so should be plug-replaceable (provided your application doesn't request
or access deconfigured features, in which case it would either fail, or pop
a fatal message box saying "Undefined Dynalink" or suchlike).

All trademarks are the property of their respective owners.

Cheers!

Clifford Heath                    http://www.osa.com.au/~cjh
Open Software Associates Limited       mailto:cjh@osa.com.au
29 Ringwood Street / PO Box 4414       Phone  +613 9871 1694
Ringwood VIC 3134      AUSTRALIA       Fax    +613 9871 1711
------------------------------------------------------------
Deploy Applications across the net, see http://www.osa.com
