The-Encryption-Compendium / TECv2

Hugo-based version of The Encryption Compendium.
https://encryptioncompendium.org
GNU General Public License v3.0

new entry: Debian "Crypto in Main" legal/technical operations and guidance derived from cryptographic export restrictions #59

Open dkg opened 3 years ago

dkg commented 3 years ago

At the end of the last millennium, the US had more vigorous export controls on strong cryptographic software than exist today in late 2021.

This legal environment forced software distributors to deliberately supply their customers with known-weak cryptography ("export ciphersuites", which were still causing security weakness decades later), or in some cases to change how they operated.

The Debian operating system dealt with this situation by splitting their operating system into two parts: one software archive that did not include strong cryptography, and could be distributed from anywhere, including the US, and another software archive that did include strong cryptography, and could be distributed only from outside the US (the US had no import restrictions on strong cryptography). Designing and implementing this arrangement was a non-trivial amount of work for the developers, administrators, and lawyers involved, but it worked and was maintained for several years (from 1997 to 2005). Undoing the split (re-merging the archives once the restrictions were relaxed) itself took a non-trivial amount of work.

One document that describes some of the legal/administrative context in merging the archives together is "Exploring Cryptographic Software in Debian's Main Archive".