There was nothing to enforce. This concern is made-up. Again: the people telling you this were there in the 90s, in the workforce, "dealing with" this stuff. The far bigger problem was that the maintainers of Apache's SSL code wanted a license fee to use it. I do get that if you were 7 years old at the time, and in France, it might have seemed complicated, because of the (unenforced) export rule, but that rule didn't matter to Americans or in any meaningful way restrict our access to encryption.