Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

OpenSSL Moves to Apache 2.0 Software License

DZone's Guide to

OpenSSL Moves to Apache 2.0 Software License

If you deal with security at all, then you need to know this information. Read on to find out about this change.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

OpenSSL has completed a re-licensing effort, resulting in adoption of Apache 2.0. The project announced this effort in 2015. The project got permission from contributors via a CLA.

The OpenSSL/SSLeay license was a non-standard permissive license, which included attribution clauses of the kind deprecated in Apache 1.0, such as:

All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

And the mysterious statement:

The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence * [including the GNU Public Licence.]

This caused many to wonder whether the license was truly permissive. Over the years, users (and reluctantly, their lawyers) accepted it as permissive, but not without some angst.

Kudos to the project for clarifying and harmonizing the license for this ubiquitous bit of software.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
security ,openssl ,apache ,license

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}