I believe you do not need a license for openssl in _ANY_ country in the world.
OpenSSL is open source and the copyright
specifically allows you to use it for whatever purposes you choose.
Secondly - there is the issue of export of any software you might create which may use
certain features in openSSL. If you were
in the USA - you are prevented by law to export to other than Canada and perhaps
Mexico. We have free trade agreements
here and various other common market agreements which allow export under certain
circumstances. It is because of this that
US citizens can export to Canada. It is also probably because we have certain spy
agencies like the NSA (in the US) and the
CES in Canada and they have nice little agreements. For instance it is illegal for
the US NSA to spy on US citisens so they let
the CES in Canada do it - and similarly it is illegal for the CES to spy on Canadians
so they let the NSA do it.
Here's an asside we probably shouldn't laugh about:
Last year I sent off a perfectly innocent email that had some names for certain
explosives in it - and since I suspected the NSA
would read the email I incorporated a PS addressed specifically to the folks in the
NSA and suggested they check out one of
my websites. Within 24 hours this was in the server logs:
intruder.naswi.navy.mil - - [01/Sep/1998:12:35:58 -0600] "GET / HTTP/1.0" 200 2009
intruder.naswi.navy.mil - - [01/Sep/1998:12:35:59 -0600] "GET /worldmap.jpg HTTP/1.0"
200 11086
--------------------------
Anyway - to the best of my knowledge we Canadians can export anything we want
anywhere, unless it originates in the US..
Assies and Brits I beleive falls into the same category, expect that they "probably"
can re-export US origion goods if they
legally import them. In some countries you can not use strong crypto at all (but
openssl supports both strong and weak). In the
US you can use openssl and other strong crypto software regardless of source (except
possibly if it comes from some
counties like Libia) but you can not freely export. Some argue that you can not
export software that has hooks for strong
encryption but no one has demonstrated to me how one might construct an application
that a good programmer could not slip
a new library into - even if it required patching the executable.
I think the bottom line is that any US companies wishing to market software with
strong encryption should simply sell a license
to say an Australian company and let the Aussies do a simple integration with the
strong crypto. We Canadians can not legally
do something like this - but I think Aussies and Brits can.
I hope this clarifies.. I'm not a lawyer but I've hired same for specifically this
kind of info.
On Sat, 9 Oct 1999 15:13:20 +0100 (BST), Colin wrote:
>Could someone point me in the direction of some easy to unerstand info
>about the legality of using openssl/mod-ssl for apache in the UK? I can't
>figure out whether I HAVE to get a license or not.
>
>thanks in advance, and sorry to ask what must be a fairly FAQ (but I still
>can't find a FAQ with a simple answer!)
>
>Colin
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
