Hi All,

I've searched the FAQ and searched the mail list, and I have no answers, but
I'm sure someone has to have asked the question before.

What my company is trying to do is create several packages that include
OpenSSL to fit each group of its customers. The options that we have are:

RSA Strong encryption - US Customers with an RSA license
No RSA Strong encryption - US Customers with no RSA license
RSA Export encryption - Non US Customers
No RSA Export encryption - Basic shipment to everyone. Everyone's happy
carte blanche V. legal.

Despite the fact that *I* am based in the UK, I believe that my company is
shipping with *its* -US- rules, this is not the problem. And RSA is not the
problem, configuring with no-rsa etc works AFAIK with the exception of NT
where def files need hacking, but that's not a problem.

The problem is I would like to know how to restrict the key length in the
S/W. The idea so far is to restrict the strong ciphers via our S/W -on top
of the OpenSSL Libs. Whilst this sort of works on Solaris and HP/UX as the
whole library that we ship is one lib. On NT, the libraries are dlls and we
have to ship the OpenSSL libs and our lib that links to it. So that anyone
who knows the API could get access to strong encryption -which is illegal-
and even IDEA -which we have no license to ship.

Now my understanding was that shipping ciphers out of the US was not the
fact that they were accessible, but that the ciphers were in there.

What I would like is someone to help me restrict the key length, or
straighten me out on the legal issue.

Thanks in advance;)

Rich


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
