OpenSSL export/import restrictions

Posted By: D3D

OpenSSL export/import restrictions - 12/17/07 04:43

Wanted to enable SSL in a freeware dll for MySQL i'm working on. However, the OpenSSL website had this message:

Quote:

This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world.

please remember that export/import and/or use of strong cryptography software, providing cryptography hooks or even just communicating technical details about cryptography software is illegal in some parts of the world. so, when you import this package to your country, re-distribute it from there or even just email technical suggestions or even source patches to the author or other people you are strongly advised to pay close attention to any export/import and/or use laws which apply to you. the authors of openssl are not liable for any violations you make here. so be careful, it is your responsibility.

http://openssl.org

So i'm living in the Netherlands, will I get in trouble if I compile OpenSSL with this MySQL plugin for GameStudio and distribute it as freeware from my website located in America? Must I warn people "from lesser liberal countries" not to use or they get arrested??

Posted By: Michael_Schwarz

Re: OpenSSL export/import restrictions - 12/17/07 09:23

I dont think you must be worried. I think this applies to less liberal countries as Cuba or those countries with "-istan" at the end...(to not name specific ones) where the government kinda wants to control and know everything....

Posted By: PHeMoX

Re: OpenSSL export/import restrictions - 12/17/07 23:53

Actually it's perfectly legal in Cuba itself, but it's other countries that do not allow such cryptographic code to be released to "these" countries.

The Netherlands is not one of "these" though, so I don't think you can get into legal problems here. Since your website is one on a American server it would be wise to be cautious with it (or host these files on a Dutch server).

If you want to be on the safe side legally, just make sure people visiting your site must sign an extra license which states that people from countries in which it's not legal to download these cryptography related codes are not allowed to download this from your site.

It's a bit odd though, because anyone can download that open source project... not just from your site if you choose to use it, it's all over the net,

Cheers

Posted By: D3D

Re: OpenSSL export/import restrictions - 12/18/07 20:05

Ok I have made the DLL ready for use with SSL. Actually this is a professional feature because not everyone will be needing SSL or can allow it on their shared website hosting service. Another problem is that it looks like SSL isn't compiled inside Windows binaries for MySQL (you need to do this yourself?) or used by default. Present in Linux though. I can only test on XWAMP which has OpenSSL.

How about Canada? Do they have problems with Cuba or these restrictions? I can put a warning on my website about the legal issue, but I rather remove the SSL feature and make the DLL available for everyone in the world.