The first part of David's suggestion is correct: your best bet is to get your own legal counsel.
If the charities want to deploy it for their own use, e.g., with Apache so they can take donations over the net :), then disregard the license exemption. Here, your primary concern is: does my use (in the US) of openssl violate any patents? The news is mostly good. RSA has expired. The RC4-compatible crypto implementation in openssl *might* be RSA, Inc., property, but you're not liable. It could have possibly been trade secret. At any rate, the cipher is ARC4, not RSA's RC4, so don't worry. IDEA, not typically used in SSL/TLS, is patented. Build your version with -DNO_IDEA (or whatever the flag is). That's my advice. I'm not a lawyer, and more importantly, I'm not *your* lawyer. /r$ David Schwartz wrote: > On Fri, 24 May 2002 15:28:44 -0700 (PDT), john traenky wrote: > >>OpenSSL is the cornerstone for Open Source projects >>using encryption. Has anyone done an analysis of what >>legalities need doing to use it legally in the United >>States? I have several charities and the like who'd >>love to use it but can't risk a legal conflict. TIA. > > > Read the laws yourself and come to your own conclusions or hire a lawyer. > That said, it is my opinion that you are more or less okay if you publish > your source code. Otherwise, you need to obtain a license or license > exemption. This procedure is quite straightforward. > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]