> Sorry I forgot to say WE DO NOT MODIFY THE LIBRARY...
I can't imagine why you think that would matter. The library is not what
you're exporting.
> We are a high performance http proxy cache developement company. iMimic
Networking. We use > OpenSSL library for interacting with browsers/server
for https traffic. We are told by our > attorney that since you are
exporting the product outside US we have to be compatible with > encrytion
key length requirement which I think is 56 bit maximum.
That's totally old information. Read the BXA information.
> We do NOT modify OpenSSL library we just use API library call.
>What are we supposed to do in order to make our product US Export compliant
?
Read and follow the export guildelines, and apply for a license or
confirmation that you don't need one (a waiver).
I can't imagine what you think we could do to help you. Read the rules and
follow them. It really is that simple. Comply with the restrictions for the
type of license you decide to get.
> I did not mean to get legal advice from a maling list but wanted to know
general
> idea as to normally US companies who export their products "do they need
to configure
> openssl specially so that it uses only EXPORT ciphers" ?
Your question really isn't comprehensible. You aren't going to expose
OpenSSL to users, right? So what does it matter what OpenSSL itself does?
You will have to ensure that you don't use OpenSSL in a way that violates
the requirements for the type of license or waiver you get.
The you are using (and not modifying) OpenSSL is really irrelevant. The BXA
doesn't care *how* you do what you do, they just care *what* you do (or,
more precisely, what your software is *capable* of doing).
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
