cURL / Mailing Lists / curl-library / Single Mail


Re: libcurl encryption dependencies

From: Daniel Stenberg <>
Date: Tue, 5 Aug 2008 23:29:24 +0200 (CEST)

On Tue, 5 Aug 2008, Sebastian Good wrote:

> Hello all. I am trying to determine, for US Export Control purposes, whether
> it is possible to build a version of libcurl which does not contain any code
> implementing encryption algorithms. I know we can compile (and even download
> pre-compiled) binaries which do not have SSL support. However I am less
> familiar with what libcurl-supplied encryption may exist in the many
> authentication options supported, e.g. NTLM, Kerberos etc.

First, I don't even know what defines an "encryption algorithm" so I wouldn't
be able to answer the question very surely. For example we have an MD5
implementation included. Can that be seen as "encryption"?

Then, if you really really want this information to be certain, can you really
just ask on a list on the internet and trust a random person who replies?

> If I had to guess, libcurl would link to system-supplied libraries and did
> not actually implement these protocols themselves, but I'd like to hear that
> from the developers.

SSL (both HTTPS and FTPS) requires external SSL/TLS libs for encryption. NTLM
requires OpenSSL (or native Windows) for the crypto functions. Kerberos/GSS
requires external libs for the encryption. SFTP and SCP require external libs
for encryption...

> We'd really love to use libcurl while still obeying (the very stupid) US
> Export compliance laws.

I wasn't even aware they were still around! ;-)

Received on 2008-08-05