On 5/9/2012 9:46 AM, nilesh wrote:
Hi,
In the SSL3.0 man page it is mentioned that the export type of cipher
suites are no longer supported.
US government has lifted the export restrictions.
Could someone please clarify what exactly is meant by export
restrictions? And are these cipher suites no longer commonly used?
Before US President Bill Clinton signed a directive that took
effect sometime in the year 2000, most encryption stronger than
40 bits (56 bits for a few years), was not allowed to be
exported from the US to anywhere except Canada without an almost
impossible to get permission for exporting "military weapons" .
Therefore, crypto software (such as browsers and e-mail
programs) made in the US and exported to the rest of the world
was limited to these uselessly weak cipher suites.
Software sold exclusively in the US and Canada, and software that
was made entirely outside the US (such as all OpenSSL/SSLeay
versions at the time) was not so restricted, but still needed to
be able to talk to the crippled "export grade" software. Thus
the "export cipher suites" are needed only when talking to now
hopelessly outdated software, and were (by design) never secure
anyway.
An additional twist to this story was that the various US-only
patents held by RSA data security sometimes prevented importing
OpenSSL into the US without a license from that company. Those
patents expired before the export restrictions went away.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
