This archive contains the common files for MiamiSSL, an implementation of SSL (Secure Socket Layers) for Miami. The archive does NOT contain any encryption code and therefore MAY be exported from the US. MiamiSSL is available FREE OF CHARGE to ALL registered users of Miami. To use MiamiSSL you need ALL of the following: - REGISTERED Miami 2.1 or higher. - Miami keyfiles in the new keyfile format (see the separate announcement regarding keyfiles). - This archive. - One of the MiamiSSL encryption libraries. Please see below for more information on these. - reqtools.library version 38 or higher. You can get a current version of reqtools.library from Aminet. - Software supporting MiamiSSL. At the moment Voyager-NG supports MiamiSSL in its latest release version (available from www.vapor.com). As SSL requires various algorithms for strong encryption, it is a bit difficult to find legal ways to use and distribute it everywhere. This is why the MiamiSSL encryption libraries (which contain the encryption code required for SSL) are kept separate from the MiamiSSL main archive, and are NOT available from public sources such as Aminet, but only by other means. Currently two versions of the MiamiSSL encryption library exist: - miamisslusa.library: For use by US/Canadian citizens living in the USA or Canada. This library is ONLY available directly from me on request (fifth step in MiamiRegister), and ONLY to citizens of USA or Canada. It MAY ONLY be used within the USA and Canada, and MAY NOT be exported to other countries, or be made available for export in any way (e.g. by uploading it to public software sites). If you violate these rules then you may be subject to criminal prosecution under US/Canadian federal law. To my best knowledge miamisslusa.library does NOT contain any algorithms which are patented in the USA, or covered by similar software rights, except for RSA, which is implemented using the RSAref suite, licensed for freeware/shareware use. This means miamisslusa.library is, to my best knowledge, legal to use in the USA. However I will not take any responsibility for the validity of this statement -- use at your own risk ! One drawback: for legal reasons miamisslusa.library does NOT implement the algorithms RC2 and RC4, and as a result is NOT interoperable with servers which ONLY support these algorithms (e.g. the export versions of many commercial web servers, such as Netscape's server). miamisslusa.library can only connect to servers which support DES or IDEA, or which allow unencrypted SSL connections. It is, for instance, compatible to SSL-adapted versions of the Apache web server, and to web servers based on SSLeay or MiamiSSL. - miamisslintl.library: For use by anyone who lives outside of the USA and Canada. This library was built outside of the USA (without exporting encryption material from the USA), and is ONLY available from sources outside of the USA (currently only from www.vapor.com). It MAY NOT be UPLOADED to public software sites in the USA, it MAY NOT be EXPORTED from the USA, and it MAY NOT be USED in the USA, because it supports RC2 and RC4, algorithms which are legally protected in the USA. Note to US/Canadian users: To make this point perfectly clear: YOU MAY NOT USE miamisslintl.library IN THE USA OR CANADA ! miamisslintl.library implements algorithms which are covered by patents and other rights in the USA (and possibly in Canada), and its use without proper licenses is thus illegal in these countries, as explained to you here and in the README file accompanying miamisslintl.library. I hereby explicitly inform you that I DO NOT have a license to use RC2/RC4 in the USA or Canada, that miamisslintl.library was released WITHOUT such a license, and to non-US/Canadian users only, and that you may therefore NOT use it in the USA or Canada. If you violate this rule then you may be subject to criminal prosecution under US/Canadian federal law and/or civil lawsuits. In any case I WILL NOT be liable or responsible for your illegal use, or any consequences arising from it. Note to international users: The fact that miamisslintl.library is AVAILABLE to you does NOT necessarily mean that it is LEGAL to use. It is YOUR responsibility to check the laws in your country, state or city, to find out about any restrictions on the use of cryptographic software or the particular algorithms implemented in miamisslintl.library (RSA, DES, MD2, MD5, RC2, RC4, SHA, SHA1) in your area BEFORE using miamisslintl.library. In particular, as far as I know the use of strong cryptography is currently entirely prohibited in France and Iraq, so people in these countries may probably NOT use miamisslintl.library at all. miamisslintl.library DOES implement RC2 and RC4, and therefore interoperates with all known web servers (including Netscape), but it does NOT implement IDEA, because of licensing restrictions in many countries. However so far this has not turned out to be a problem with any servers. Summarizing, what you need to do to use MiamiSSL with Voyager-NG is, step-by-step: - Ensure that you have reqtools.library V38 or higher installed. If you don't have it then get the ReqTools archive from Aminet (util/libs/ReqToolsUsr.lha). - Download Miami 2.1 from www.nordicglobal.com and install it "over" your current Miami registration. - Register Miami, if you have not already done so, and wait for your keyfile to arrive. - In the "About" requester of Miami check if your keyfiles are already "Keyfile version 2" (near the bottom of the requester). If you still have "Keyfile version 1", then execute the fourth step in MiamiRegister ("Upgrade keyfile version 1->2") and wait for my email response. - Users in the USA/Canada: Execute the fifth step in MiamiRegister to order your copy of miamisslusa.library. Wait for my email response, and install the library as described in the email. - Users outside the USA/Canada: Get miamisslintl.library, currently from www.vapor.com, and install the library as described in the archive. - Install the contents of this archive using the included Installer script. - Get Voyager-NG from www.vapor.com and install it. After that Voyager-NG should automatically use MiamiSSL for "https:" URLs. One more comment: At the moment the distribution of MiamiSSL is mostly targetted towards web browsers such as Voyager-NG and other clients, and does not include most of the SSL server tools (to handle certificates, keyfiles etc.) However all server functionality IS implemented and tested in MiamiSSL, and updated installation archives and instructions for server operation, certificate testing and management etc. will be released once the first MiamiSSL-aware servers for AmigaOS become available. If you are interested in adding MiamiSSL support to your software please contact me at "kruse@nordicglobal.com". One of the nice features of MiamiSSL is that it allows software authors to support SSL in their applications without having to deal with the tedious legal implications.