In perusing the documentation of Mod_SSL, I came across these two sections:
------------
At least two countries with heavy cryptography restrictions are well known:
In the United States (USA) first it's not allowed to (re-)export mod_ssl or
OpenSSL and second it's not allowed to use Apache+mod_ssl+OpenSSL (because
of patent issues on the RSA and RC4 algorithms) unless OpenSSL is built with
RSA DSI's RSAref package and used for non-commercial purposes only. And
inside France it's not allowed to use any cryptography at all when keys with
more than 40 bits are used.
------------
------------
As of this writing (end of the year 1999) the major difference is the RSA
license which one receives (very cheaply in contrast to a direct licensing
from RSA DSI) with the commercial Apache SSL products. On the other hand,
one needs this license only in the US, of course. So for non-US citizens
this point is useless. And even for US citizens the situations is at least
solved next year (September 20th, 2000) when the RSA patent expires.
------------
What does all this mean? Is it legal for me, in the US, to use
Apache+mod_ssl+OpenSSL for commercial purposes? Do I read it correctly that
it isn't legal for me at the moment, but will be after September 20th, 2000?
Could someone clarify this for me?
Thanks,
Tim Willis
IS Technician
Code Rite
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
