[openssl-users] ECC patent status questions

Jakob Bohm jb-openssl at wisemo.com
Thu Sep 1 12:22:20 UTC 2016

Dear OpenSSL team,

Given the recent patent lawsuit between RIM/CertiCom and Avaya
mentioning the ECC code in OpenSSL, what is (according to the
OpenSSL team) the patent status of the ECC code in OpenSSL?


- Was the OpenSSL ECC code provided under a still-valid patent
  license from someone in the power to grant it, perhaps Sun
  (now Oracle America)?

- Is the FIPS mode ECC covered through some US Government or
  sponsor license?,  And if so, does this license extend to
  some non-FIPS scenarios, such as invoking the FIPS blob ECC
  code from a non-FIPS application (perhaps by modifying a
  FIPS-capable OpenSSL library to do so even in non-FIPS

- Are there portions of the ECC code in OpenSSL which one
  should disable at configure time, similar to how RSA and
  IDEA were often disabled in the past?

- Is this situation different depending on the OpenSSL
  library version?


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded 	

More information about the openssl-users mailing list