[openssl-users] OpenSSL and sourc'ing countries (was: calloc vs kssl_calloc)

Jeffrey Walton noloader at gmail.com
Sat Oct 1 21:01:16 UTC 2016

>>> Is there something more I should do on this issue?  I recall the OpenSSL
>>> terms of use strongly discouraged people from the US from helping, due to US
>>> export restrictions.
>> That's kinda outdated.
> However there are very many OpenSSL users (myself included)
> who rely on the legal status of OpenSSL/SSLeay as having no
> US origin parts.  If this has changed, it needs a big red
> banner at the top of the www.openssl.org, every affected
> source file with the original EAY copyright boilerplate or
> its OpenSSL clone etc.

That's kind of interesting. Are you saying there are countries where
you can source and import your crypto from some countries, but not
other countries?

As I understand the US procedures from working with DoC and BIS, you
don't need an import license (only an export license). But I'd be
interested in hearing how some countries are trying to control the
crypto from the import side of the equation.

More humorously, does import versus export even matter? The crypto
genie is out of the bottle. It can't be put back.


More information about the openssl-users mailing list