Our current SSL support is provided through OpenSSL. We don't
have a licence exception for linking against OpenSSL. This will be an
issue for the Debian package, at the very least -- see
There are a number of ways around this:
1) Add an appropriate exception for OpenSSL to the licence. AFAICS, this
will require getting the consent of all contributors.
2) Moving to another SSL implementation which doesn't have
issues (e.g. GNU TLS or yassl).
I think that we should start with (1), and look at (2) in the long term or if
we can't get consent from everyone. OpenSSL works well, at least on RISC OS,
and changing it may be a lot of work.