[openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Dec 7 14:05:32 UTC 2017

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, December 07, 2017 08:41
> To: openssl-users at openssl.org
> And I would still say that "consult a lawyer" is a useless answer,
> especially as most OpenSSL users will be in the same legal situation,
> and lawyers opinions on patent matters are frequently found by courts
> to be wrong anyway.

Well, I suppose we'll have to disagree on that point. Speaking hypothetically, if I were the product owner for a commercial software product that used OpenSSL, I would most certainly be raising the question with corporate counsel.

This is a complex and fraught area, and the OpenSSL Foundation is not able (and I'm sure not inclined to try) to indemnify OpenSSL users against infringement claims. To a large extent it doesn't matter what they say. A license file in the OpenSSL distribution is not likely to discourage an IP owner from claiming infringement if they're so inclined. At that point "local" lawyers will be involved whether you like it or not.

I also don't believe that "most OpenSSL users will be in the same legal situation". Here again, patent law is complicated. And more importantly, well-heeled users are much more likely targets of actual infringement claims, which is a very different situation indeed.

Michael Wojcik 
Distinguished Engineer, Micro Focus 


More information about the openssl-users mailing list