Author: jfthomps
Date: Wed Jul 19 14:02:47 2017
New Revision: 1802395
URL: http://svn.apache.org/viewvc?rev=1802395&view=rev
Log:
added TSU Notification section
Modified:
vcl/site/trunk/content/downloads/download.mdtext
Modified: vcl/site/trunk/content/downloads/download.mdtext
URL:
http://svn.apache.org/viewvc/vcl/site/trunk/content/downloads/download.mdtext?rev=1802395&r1=1802394&r2=1802395&view=diff
==============================================================================
--- vcl/site/trunk/content/downloads/download.mdtext (original)
+++ vcl/site/trunk/content/downloads/download.mdtext Wed Jul 19 14:02:47 2017
@@ -108,6 +108,36 @@ releases, you do not need to import it a
:::Text
gpg --verify apache-VCL-2.4.2.tar.bz2.asc
+## TSU Notification - Encryption
+This distribution includes cryptographic software. The country in which you
+currently reside may have restrictions on the import, possession, use, and/or
+re-export to another country, of encryption software. BEFORE using any
+encryption software, please check your country's laws, regulations and policies
+concerning the import, possession, or use, and re-export of encryption
software,
+to see if this is permitted. See <http://www.wassenaar.org/> for more
+information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and Security
+(BIS), has classified this software as Export Commodity Control Number (ECCN)
+5D002.C.1, which includes information security software using or performing
+cryptographic functions with asymmetric algorithms. The form and manner of this
+Apache Software Foundation distribution makes it eligible for export under the
+License Exception ENC Technology Software Unrestricted (TSU) exception (see the
+BIS Export Administration Regulations, Section 740.13) for both object code and
+source code.
+
+The following provides more details on the included cryptographic software:
+
+The web and backend portions of the code utilize php and perl functions to
+encrypt password information stored in the database. The web code utilizes php
+functions to encrypt cookie information passed to and stored in users'
browsers.
+The backend code uses openssh to connect to and control deployed nodes. openssh
+heavily uses encryption.
+
+Addionally, the web portion of the code includes portions of the phpseclib
+library. This library is only used for PHP versions not supporting the function
+"openssl_encrypt" (supported since PHP 5.3.0).
+
## Installation
For new installs, visit the on-line installation guide:
