1. Forum
  2. Usenet
  3. COMP.SYS.TANDEM

  • OPENSSL export licensing question

    From Warren M@21:1/5 to All on Sun Oct 8 13:06:30 2023
    This is not directly related to HP NonStop, but I thought this would be a good place to ask.

    I'm currently working with a non-profit organization that is using OpenSSL in a software product. Their product runs on 5 platforms (IOS, MAC, Android, PC and Linux). Concerns have been raised about whether it's legal to export their software since it
    contains OpenSSL.

    To those of you that have supported OpenSSL with customers outside of the United States, have you run into any export concerns?

    To my knowledge, OpenSSL for NonStop is freely available to ITUG members to download regardless of their location (assuming here explicitly embargoed countries are excluded).

    Can anyone shed some light on the legalities involved?

    Regards to all,
    Warren Mason

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Warren M on Mon Oct 9 12:07:46 2023
    On Sunday, October 8, 2023 at 4:06:32 p.m. UTC-4, Warren M wrote:
    This is not directly related to HP NonStop, but I thought this would be a good place to ask.

    I'm currently working with a non-profit organization that is using OpenSSL in a software product. Their product runs on 5 platforms (IOS, MAC, Android, PC and Linux). Concerns have been raised about whether it's legal to export their software since it
    contains OpenSSL.

    To those of you that have supported OpenSSL with customers outside of the United States, have you run into any export concerns?

    To my knowledge, OpenSSL for NonStop is freely available to ITUG members to download regardless of their location (assuming here explicitly embargoed countries are excluded).

    Can anyone shed some light on the legalities involved?

    Regards to all,
    Warren Mason

    Hi Warren,

    You should reach out to openssl.org for information about exporting OpenSSL. While any Connect/ITUG member can technically download the software, and anyone can download the source from GitHub.com, it is up to the customer to ensure that all laws of any
    country involved are being followed. There are countries where it is actually illegal to import encryption software, but I cannot give you examples. ITUGLIB is "download at your own risk", so you are responsible for if you illegally download OpenSSL or
    package OpenSSL with your code and deliver it as a product. With my other hat on, as the provider of T1198, which has a transitive dependency on OpenSSL via git, it is the customer's responsibility to obtain the appropriate encryption software - we
    deliberately do not package OpenSSL with T1198 for the reasons you are citing (a.k.a. export concerns), so we leave it to the customer to worry about the legalities.

    I realize this does not directly answer your question, but yes, there are export concerns you should investigate. The FTC and/or State Department in the US may be able to help you with specific export situations. If you put your software on a Play Store,
    there are likely terms of use of those platforms that make it your responsibility.

    Good Luck,
    Randall Becker
    (Not an import/export lawyer)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gcav@21:1/5 to Warren M on Tue Oct 10 18:30:52 2023
    Take a look at: https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries

    Under the table, if the country you are dealing with is not mentioned, then you are ok.

    if you want to go down the rabbit hole: https://www.govinfo.gov/content/pkg/CFR-2012-title22-vol1/pdf/CFR-2012-title22-vol1-sec126-1.pdf

    gc



    On Sunday, October 8, 2023 at 2:06:32 PM UTC-6, Warren M wrote:
    This is not directly related to HP NonStop, but I thought this would be a good place to ask.

    I'm currently working with a non-profit organization that is using OpenSSL in a software product. Their product runs on 5 platforms (IOS, MAC, Android, PC and Linux). Concerns have been raised about whether it's legal to export their software since it
    contains OpenSSL.

    To those of you that have supported OpenSSL with customers outside of the United States, have you run into any export concerns?

    To my knowledge, OpenSSL for NonStop is freely available to ITUG members to download regardless of their location (assuming here explicitly embargoed countries are excluded).

    Can anyone shed some light on the legalities involved?

    Regards to all,
    Warren Mason

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)