Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
OPENSSL export licensing question
143 views
Skip to first unread message
Warren M
Oct 8, 2023, 4:06:32 PM10/8/23
to
This is not directly related to HP NonStop, but I thought this would be a good place to ask.
I'm currently working with a non-profit organization that is using OpenSSL in a software product. Their product runs on 5 platforms (IOS, MAC, Android, PC and Linux). Concerns have been raised about whether it's legal to export their software since it contains OpenSSL.
To those of you that have supported OpenSSL with customers outside of the United States, have you run into any export concerns?
To my knowledge, OpenSSL for NonStop is freely available to ITUG members to download regardless of their location (assuming here explicitly embargoed countries are excluded).
Can anyone shed some light on the legalities involved?
Regards to all,
Warren Mason
I'm currently working with a non-profit organization that is using OpenSSL in a software product. Their product runs on 5 platforms (IOS, MAC, Android, PC and Linux). Concerns have been raised about whether it's legal to export their software since it contains OpenSSL.
To those of you that have supported OpenSSL with customers outside of the United States, have you run into any export concerns?
To my knowledge, OpenSSL for NonStop is freely available to ITUG members to download regardless of their location (assuming here explicitly embargoed countries are excluded).
Can anyone shed some light on the legalities involved?
Regards to all,
Warren Mason
Randall
Oct 9, 2023, 3:07:47 PM10/9/23
to
You should reach out to openssl.org for information about exporting OpenSSL. While any Connect/ITUG member can technically download the software, and anyone can download the source from GitHub.com, it is up to the customer to ensure that all laws of any country involved are being followed. There are countries where it is actually illegal to import encryption software, but I cannot give you examples. ITUGLIB is "download at your own risk", so you are responsible for if you illegally download OpenSSL or package OpenSSL with your code and deliver it as a product. With my other hat on, as the provider of T1198, which has a transitive dependency on OpenSSL via git, it is the customer's responsibility to obtain the appropriate encryption software - we deliberately do not package OpenSSL with T1198 for the reasons you are citing (a.k.a. export concerns), so we leave it to the customer to worry about the legalities.
I realize this does not directly answer your question, but yes, there are export concerns you should investigate. The FTC and/or State Department in the US may be able to help you with specific export situations. If you put your software on a Play Store, there are likely terms of use of those platforms that make it your responsibility.
Good Luck,
Randall Becker
(Not an import/export lawyer)
gcav
Oct 10, 2023, 9:30:54 PM10/10/23
to
Take a look at:
https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries
Under the table, if the country you are dealing with is not mentioned, then you are ok.
if you want to go down the rabbit hole:
https://www.govinfo.gov/content/pkg/CFR-2012-title22-vol1/pdf/CFR-2012-title22-vol1-sec126-1.pdf
gc
https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries
Under the table, if the country you are dealing with is not mentioned, then you are ok.
if you want to go down the rabbit hole:
https://www.govinfo.gov/content/pkg/CFR-2012-title22-vol1/pdf/CFR-2012-title22-vol1-sec126-1.pdf
gc
0 new messages