Jeffrey Altman wrote: > Calling OpenSSL (or any other API that encrypts messages) is > "crypto with a hole". This is illegal to export from the United > States. Realy? Do you explicitly call any non-export algortihm? I could understand Kerberos, where DES was called, so DES calls had to be removed, but your case looks different... BTW: If you're right then any software using Microsoft CryptoAPI breaks EAR regulations. Regards, Mike ---- Michal Trojnara * +48 501 00 12 43 IT Security Officer * PTK Centertel ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]