> > In my experience if you just refer to the SSL/TLS spec you're fine.
>
>Really? Even if you don't specify any algorithms or key lengths in detail?
Yeah. We just said RSA key exchange (512 through 2048 bits typical)
for symmetric encryption key. For details, see RFC .
>Where did you get t
> > If you dynamically
> > link to OpenSSL, you may have no idea or control over what
> > algorithms and
> > key lengths you wind up using. This makes the form impossible
> > to fill out.
>
> In my experience if you just refer to the SSL/TLS spec you're fine.
Really? Even if you don't spe
> If you dynamically
> link to OpenSSL, you may have no idea or control over what algorithms and
> key lengths you wind up using. This makes the form impossible to fill out.
In my experience if you just refer to the SSL/TLS spec you're fine.
> If your product includes the OpenSSL libraries, you'd
> I was told that even though our program is only supporting
> limited key lengths, it can not be exported as it is linking to
> OpenSSL which has the logic to support larger key lengths and
> strong ciphers.
This is a misleading thing to say. But in general, it's true that it's very
diff
>Hi,
>I have a question about distribution of software which is based on OpenSSL
libraries considering US export regulations.
>We are planning to use OpenSSL library to develop a program with
functionality similar to that of HTTPS client/server. We >will be linking
our code (static or dynamic -
Someone in your company is responsible for trade and/or export regulations. Find out
who that is and contact them for guidance. While regulations have become more liberal
in some cases, they are always changing so it's good to get up-to-date advice from
someone whose job it is to follow the regu
Regarding exportability, last I heard export restrictions had been
relaxed somewhat for friendly nations. However I'm not American and do
not live in the US so not sure.
Please, the situation is confusing enough without uninformed speculation.
Exporting something which implements HTTP/SSL -- full
Are you actually implementing HTTPS, or are you just using SSL over TCP
for your own application?
We are planning to create two versions of our program
This may not be necessary.
Is an export license or review by the authorities required for this kind of application?
If you use crypto, you need
Off the home page:
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes subject to some simp
