32N/A The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant
32N/A web server. Originally designed as a replacement for the NCSA HTTP
32N/A Server, it has grown to be the most popular web server on the
32N/A Internet. As a project of the Apache Software Foundation, the
32N/A developers aim to collaboratively develop and maintain a robust,
32N/A commercial-grade, standards-based server with freely available
32N/A Details of the latest version can be found on the Apache HTTP
32N/A The documentation available as of the date of this release is
32N/A up-to-date documentation can be found at
32N/A Please see the file called INSTALL. Platform specific notes can be
32N/A Please see the file called LICENSE.
911N/A Cryptographic Software Notice
911N/A -----------------------------
32N/A This distribution may include software that has been designed for use
32N/A with cryptographic software. The country in which you currently reside
32N/A may have restrictions on the import, possession, use,
and/or re-export
32N/A to another country, of encryption software. BEFORE using any encryption
32N/A software, please check your country's laws, regulations and policies
concerning the import, possession, or use, and re-export of encryption
The
U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN)
5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
The following provides more details on the included files that
may be subject to export controls on cryptographic software:
Apache httpd 2.0 and later versions include the mod_ssl module under
for configuring and listening to connections over SSL encrypted
network sockets by performing calls to a general-purpose encryption
library, such as OpenSSL or the operating system's platform-specific
In addition, some versions of apr-util provide an abstract interface
for symmetrical cryptographic functions that make use of a
general-purpose encryption library, such as OpenSSL, NSS, or the
operating system's platform-specific facilities. This interface is
known as the apr_crypto interface, with implementation beneath the
/crypto directory. The apr_crypto interface is used by the
mod_session_crypto module available under
for optional encryption of session information.
Some object code distributions of Apache httpd, indicated with the
word "crypto" in the package name, may include object code for the
OpenSSL encryption library as distributed in open source form from
The above files are optional and may be removed if the cryptographic
functionality is not desired or needs to be excluded from redistribution.
Distribution packages of Apache httpd that include the word "nossl"
in the package name have been created without the above files and are
therefore not subject to this notice.
o If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the Apache server
subscribe to the apache-announce mailing list as described under
o If you want freely available support for running Apache please see the
o If you have a concrete bug report for Apache please see the instructions
o If you want to participate in actively developing Apache please
subscribe to the `dev@httpd.apache.org' mailing list as described at