2362N/A The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant
0N/A web server. Originally designed as a replacement for the NCSA HTTP
2362N/A Server, it has grown to be the most popular web server on the
0N/A Internet. As a project of the Apache Software Foundation, the
0N/A developers aim to collaboratively develop and maintain a robust,
0N/A commercial-grade, standards-based server with freely available
0N/A Details of the latest version can be found on the Apache HTTP
0N/A The documentation available as of the date of this release is
0N/A up-to-date documentation can be found at
0N/A Please see the file called INSTALL. Platform specific notes can be
0N/A Please see the file called LICENSE.
0N/A Cryptographic Software Notice
0N/A -----------------------------
0N/A This distribution may include software that has been designed for use
0N/A with cryptographic software. The country in which you currently reside
may have restrictions on the import, possession, use,
and/or re-export
to another country, of encryption software. BEFORE using any encryption
software, please check your country's laws, regulations and policies
concerning the import, possession, or use, and re-export of encryption
The
U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN)
5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
The following provides more details on the included files that
may be subject to export controls on cryptographic software:
Apache httpd 2.0 and later versions include the mod_ssl module under
for configuring and listening to connections over SSL encrypted
network sockets by performing calls to a general-purpose encryption
library, such as OpenSSL or the operating system's platform-specific
In addition, some versions of apr-util provide an abstract interface
for symmetrical cryptographic functions that make use of a
general-purpose encryption library, such as OpenSSL, NSS, or the
operating system's platform-specific facilities. This interface is
known as the apr_crypto interface, with implementation beneath the
/crypto directory. The apr_crypto interface is used by the
mod_session_crypto module available under
for optional encryption of session information.
Some object code distributions of Apache httpd, indicated with the
word "crypto" in the package name, may include object code for the
OpenSSL encryption library as distributed in open source form from
The above files are optional and may be removed if the cryptographic
functionality is not desired or needs to be excluded from redistribution.
Distribution packages of Apache httpd that include the word "nossl"
in the package name have been created without the above files and are
therefore not subject to this notice.
o If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the Apache server
subscribe to the apache-announce mailing list as described under
o If you want freely available support for running Apache please see the
o If you have a concrete bug report for Apache please see the instructions
o If you want to participate in actively developing Apache please
subscribe to the `dev@httpd.apache.org' mailing list as described at