We are planning to create two versions of our program
This may not be necessary.
Is an export license or review by the authorities required for this kind of application?
If you use crypto, you need to get a license. If you distribute/develop open source software, you don't need to get a license. In most cases getting a license is "just" a matter of formality.
I was told that even though our program is only supporting limited key lengths,> it can not be exported as it is linking to OpenSSL which has the logic to support
> larger key lengths and strong ciphers.
Whoever told you this does not know what they are talking about, or they simplified the situation so much that their advice is useless. For example, if you are shipping a self-contained system, their advice is irrelevant. If you are shipping statically-linked executable that has been stripped, their advice is probably irrelevant.
Get an export lawyer. Get the legal department of your company to find one.
/r$-- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
