{{Short description|Open-source TLS and cryptography library}} {{Distinguish|OpenSSH}} {{Use mdy dates|date=May 2026}}
{{Infobox software
| name = OpenSSL
| logo = OpenSSL logo.svg
| screenshot = UEFI Secure Boot DB certificate.png
| screenshot alt = Terminal output of the openssl command displaying fields of an X.509 certificate
| caption = {{code|openssl}} displaying an X.509 certificate for UEFI Secure Boot
| author = Eric A. Young and Tim Hudson (SSLeay)
| developer = The OpenSSL Project
| released = {{Start date and age|1998|12|23}}
| latest release version = 4.0.0
| latest release date = {{Start date and age|2026|04|14}}<ref name="openssl-40" />
| programming language = C, assembly, Perl
| operating system = Unix-like systems, Microsoft Windows, OpenVMS, and other platforms
| genre = Cryptography library, TLS implementation
| license = 3.0 and later: Apache License 2.0; earlier releases: dual OpenSSL and SSLeay licenses<ref name="openssl-license" />
| website = {{URL|https://www.openssl.org/}}
}}
'''OpenSSL''' is an open-source software library and command-line toolkit that implements the Transport Layer Security (TLS) protocol and a range of cryptographic functions. It is used by Internet servers, operating systems, application frameworks, programming-language runtimes, and embedded software to provide encrypted communications and certificate-based authentication.<ref name="openssl-3-release" /><ref name="wired-cii" /><ref name="ristic-bulletproof" />
The project began in 1998 as a continuation of SSLeay, an earlier SSL implementation written by Eric A. Young and Tim Hudson. OpenSSL became one of the most-used TLS libraries on the Internet, particularly for HTTPS. Its security, funding, and governance came under public scrutiny after the 2014 Heartbleed vulnerability, which prompted emergency patching across the Internet, new funding for critical open-source infrastructure, and forks including LibreSSL and BoringSSL.<ref name="openssl-20years" /><ref name="wired-cii" /><ref name="ars-cii" /><ref name="schneier-heartbleed" />
OpenSSL 1.1.1 added support for TLS 1.3 and was a long-term-support release.<ref name="securityweek-111" /><ref name="rfc8446" /> OpenSSL 3.0, released in 2021, introduced a provider architecture, restored FIPS support through a new FIPS provider, and changed the project license to the Apache License 2.0.<ref name="openssl-3-release" /> Later releases added support for QUIC and post-quantum cryptography.<ref name="openssl-35" /><ref name="openssl-40" /> OpenSSL 4.0, released in 2026, removed several deprecated features and introduced further incompatible changes.<ref name="openssl-40" />
Governance changed in 2024, when the OpenSSL Management Committee was dissolved and responsibilities were divided between the OpenSSL Foundation and the OpenSSL Corporation.<ref name="governance-2024" /> The codebase has also influenced derivative libraries, including LibreSSL, BoringSSL, AWS-LC, and QuicTLS.
== History ==
=== Origins in SSLeay ===
OpenSSL originated in SSLeay, an open-source implementation of SSL developed by Eric A. Young and Tim Hudson in the 1990s. SSLeay development effectively ended when Young and Hudson joined RSA Security.<ref name="openssl-20years" /> In late 1998, Mark Cox, Ralf Engelschall, Stephen Henson, Ben Laurie, and Paul Sutton formed the initial OpenSSL project team to continue development of the codebase.<ref name="openssl-20years" /><ref name="openssl-announce" /> The first OpenSSL release, version 0.9.1, was announced in December 1998.<ref name="openssl-announce" /> In a twentieth-anniversary retrospective, Cox wrote that all of the founding team except Henson were core developers of the Apache HTTP Server.<ref name="openssl-20years" />
=== Early development and adoption ===
During the 2000s, OpenSSL was deployed across Unix-like operating systems, web servers, mail servers, VPN software, and application runtimes. Its permissive licensing allowed use in both open-source and proprietary software, and the {{code|openssl}} command-line program became a common tool for generating keys, creating certificate-signing requests, inspecting certificates, testing TLS endpoints, and performing other cryptographic operations.<ref name="openssl-docs" /><ref name="viega-network-security" />
OpenSSL was also embedded as infrastructure inside larger systems. This deployment pattern meant that defects in the library could affect many unrelated applications at once, while major API or ABI changes could require coordinated work by operating-system distributions, language runtimes, and application maintainers.<ref name="ristic-bulletproof" />
=== Heartbleed and post-2014 reform ===
{{Main|Heartbleed}}
On April 7, 2014, OpenSSL disclosed Heartbleed, a bounds-checking error in the implementation of the TLS heartbeat extension. The bug was assigned the identifier CVE-2014-0160, affected OpenSSL 1.0.1 through 1.0.1f, and allowed an attacker to read up to 64 KB of memory from a vulnerable process per request.<ref name="heartbleed-advisory" /><ref name="nvd-cve-2014-0160" /><ref name="heartbleed-com" /> Because OpenSSL was deployed in HTTPS servers and other TLS-enabled software, Heartbleed triggered an Internet-wide remediation effort involving patching, certificate replacement, key rotation, and incident response.<ref name="netcraft-heartbleed" /><ref name="wired-heartbleed-lesson" /><ref name="akamai-heartbleed-update" /> Cryptographer Bruce Schneier described the disclosure as catastrophic, writing that on a scale of one to ten "this is an 11."<ref name="schneier-heartbleed" /> A challenge run by Cloudflare in the days after disclosure produced four independent extractions of TLS private keys from a vulnerable test server, confirming that Heartbleed could expose long-term secret material rather than only session data.<ref name="cloudflare-challenge" />
Heartbleed also reframed the public discussion of open-source infrastructure funding. The disclosure followed several months of heightened attention to Internet encryption after Snowden-era reporting on intelligence-service interference with cryptographic standards.<ref name="nyt-nsa-encryption" /> ''Wired'' reported that, at the time of disclosure, OpenSSL was maintained by a small team and had only one full-time developer.<ref name="wired-cii" /> Steve Marquess of the OpenSSL Software Foundation wrote that pre-Heartbleed donations to the foundation had averaged about US$2,000 per year, an amount inadequate to support full-time engineering on a project of OpenSSL's scope.<ref name="marquess-money" /> Shortly after the disclosure, the Linux Foundation announced the Core Infrastructure Initiative, backed by large technology companies, to fund OpenSSL and other open-source components.<ref name="wired-cii" /><ref name="ars-cii" />
The incident prompted alternative approaches to OpenSSL maintenance and API design. OpenBSD developers created LibreSSL as a cleaned-up fork of OpenSSL, and Google announced BoringSSL for its own products and infrastructure later in 2014.<ref name="ars-libressl" /><ref name="ars-boringssl" />
=== Modernization and OpenSSL 1.1.x ===
The OpenSSL 1.1.x series made many internal structures opaque, moved applications toward accessor functions, and reduced reliance on direct access to implementation details. OpenSSL 1.1.1, released in September 2018, added support for TLS 1.3, which the Internet Engineering Task Force had published as {{IETF RFC|8446}}.<ref name="securityweek-111" /><ref name="rfc8446" /> OpenSSL 1.1.1 was a long-term-support release and was supported until September 2023.<ref name="release-strategy" />
The shift to opaque data structures and stricter interfaces improved maintainability but created compatibility work for applications that had used OpenSSL internals directly. The same pattern of architectural change accompanied by downstream transition costs continued in the OpenSSL 3.x series.
=== OpenSSL 3.x ===
Public planning for OpenSSL 3.0 began several years before its release; a 2019 status update from the project described the release as one of the largest engineering efforts in OpenSSL's history and outlined the goals of provider-based algorithm loading, FIPS support, and an updated license.<ref name="caswell-30-update" /> OpenSSL 3.0 was released on September 7, 2021. It was the first OpenSSL release under the Apache License 2.0 and introduced a provider architecture that allowed cryptographic algorithm implementations to be loaded from providers rather than being only built into the core library.<ref name="openssl-3-release" /> The OpenSSL project described 3.0 as a release that was not fully backward compatible with OpenSSL 1.1.1, although most applications that worked with 1.1.1 were expected to work after recompilation, possibly with deprecation warnings.<ref name="openssl-3-release" />
OpenSSL 3.0 also introduced the new FIPS provider. The project submitted the OpenSSL 3.0 FIPS module for FIPS 140-2 validation in 2021.<ref name="fips-submission" /> In 2025, OpenSSL announced that version 3.1.2 of the OpenSSL FIPS Provider had achieved FIPS 140-3 validation, with certificate #4985 valid until March 10, 2030.<ref name="fips-140-3" />
OpenSSL 3.5, released in April 2025, was designated as the next long-term-support release after 3.0. The project said 3.5 would be supported until April 8, 2030, while OpenSSL 3.0 would receive full support until September 7, 2025 and security fixes until September 7, 2026.<ref name="openssl-35" /> OpenSSL 3.5 added support for post-quantum cryptographic algorithms and server-side QUIC.<ref name="openssl-35-release" />
=== OpenSSL 4.x ===
OpenSSL 4.0 was released on April 14, 2026. The project described it as a feature release with potentially incompatible changes.<ref name="openssl-40" /> The release removed or changed several deprecated behaviors and added new cryptographic and protocol features.<ref name="openssl-40" /> Under the release strategy in force at the time, non-LTS releases after 3.5 were supported for a minimum of 13 months, while new LTS releases were to be designated every two years and supported for at least five years.<ref name="release-strategy" />
== Architecture and components ==
=== libcrypto and libssl ===
OpenSSL is built around two libraries: '''libcrypto''' and '''libssl'''. Libcrypto provides cryptographic primitives and supporting functions, including message digests, symmetric ciphers, public-key cryptography, random-number generation, certificate parsing, and encoding utilities. Libssl implements the SSL and TLS protocol layers and uses libcrypto for the underlying cryptographic operations.<ref name="openssl-docs" /><ref name="viega-network-security" />
Libcrypto exposes input and output through the BIO abstraction, which presents a uniform interface to sockets, files, memory buffers, and filter chains such as base64 or digest computation.<ref name="openssl-docs" /><ref name="viega-network-security" /> Asymmetric keys, certificates, and algorithm parameters are wrapped through the EVP family of high-level interfaces, which the project recommends in preference to the older algorithm-specific functions.<ref name="openssl-migration" />
Applications can use OpenSSL directly through its C API or indirectly through bindings in other programming languages and frameworks. Higher-level libraries, web servers, mail servers, VPNs, and application runtimes use OpenSSL as their TLS or cryptographic backend.<ref name="openssl-docs" /><ref name="ristic-bulletproof" />
=== Command-line utility ===
The {{code|openssl}} command-line program exposes library functions through a shell interface. It can generate private keys, create and inspect certificates, produce certificate-signing requests, test TLS handshakes, compute digests, encrypt and decrypt data, and perform certificate-authority functions.<ref name="openssl-docs" /><ref name="viega-network-security" /> The {{code|s_client}} and {{code|s_server}} subcommands act as minimal client and server implementations and are commonly used to debug TLS endpoints.<ref name="openssl-docs" /> Production applications normally use the OpenSSL libraries directly rather than invoking the command-line utility.
=== Provider architecture ===
OpenSSL 3.0 introduced a provider architecture for cryptographic algorithm implementations. Providers can supply implementations of algorithms and can be selected by applications or configuration. The architecture was intended to make algorithm implementations more modular and to support FIPS-validated implementations, legacy algorithms, and third-party providers.<ref name="openssl-3-release" /><ref name="openssl-migration" /> Providers replaced the older ENGINE interface, which had served the same role of allowing alternative cryptographic backends, including hardware accelerators, in pre-3.0 releases.<ref name="openssl-migration" />
The provider model also changed the way applications interact with some cryptographic functionality. The OpenSSL project advised developers to migrate away from deprecated low-level APIs and toward higher-level interfaces such as the EVP APIs where possible.<ref name="openssl-3-release" /><ref name="openssl-migration" />
=== Algorithms ===
OpenSSL supports a range of cryptographic algorithms across several categories:
; Ciphers
: AES, Blowfish, Camellia, ChaCha20, Poly1305, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, Triple DES, GOST 28147-89,<ref name="gost-engine" /> and SM4.
; Cryptographic hash functions
: MD5, MD4, MD2, SHA-1, SHA-2, SHA-3, RIPEMD-160, MDC-2, GOST R 34.11-94,<ref name="gost-engine" /> BLAKE2, Whirlpool, and SM3.
; Public-key cryptography
: RSA, DSA, Diffie–Hellman key exchange, elliptic-curve variants of these (ECDSA, ECDH), and Ed25519 and X25519 from the Curve25519 family.<ref name="openssl-docs" /><ref name="ristic-bulletproof" />
; Post-quantum cryptography
: From OpenSSL 3.5, the project added support for post-quantum key encapsulation and signature algorithms standardized by NIST, including ML-KEM and ML-DSA.<ref name="openssl-35-release" />
=== FIPS support ===
FIPS 140 is a U.S. government standard and validation program for cryptographic modules. OpenSSL has had several FIPS-related modules and validations over time. OpenSSL 1.0.2 supported use of the OpenSSL FIPS Object Module 2.0, while OpenSSL 3.x replaced the older model with the FIPS provider architecture.<ref name="fips-submission" /><ref name="fips-140-3" />
The OpenSSL 3.0 FIPS Provider was submitted for FIPS 140-2 validation shortly after the OpenSSL 3.0 release.<ref name="fips-submission" /> In March 2025, OpenSSL announced that the OpenSSL 3.1.2 FIPS Provider had achieved FIPS 140-3 validation under certificate #4985.<ref name="fips-140-3" />
== Governance and funding ==
For much of its early history, OpenSSL was maintained by a small group of volunteer and part-time developers. The project's limited resources became a public issue after Heartbleed, when coverage of the incident drew attention to the dependence of commercial and public infrastructure on lightly funded open-source components.<ref name="wired-cii" /><ref name="ars-cii" /><ref name="marquess-money" />
OpenSSL was historically represented by the OpenSSL Software Foundation for legal and community matters and by OpenSSL Software Services for commercial support. In 2024, the project announced a new governance framework in which the OpenSSL Management Committee was dissolved and responsibilities were divided between two co-equal entities, the OpenSSL Foundation and the OpenSSL Corporation.<ref name="governance-2024" /> Each organization elected a ten-member board of directors; the project described the Foundation as focused on non-commercial communities and the Corporation as focused on commercial communities.<ref name="governance-2024" />
The OpenSSL Corporation's 2025 annual report stated that 2025 revenue came from commercial support contracts and that the organization ended the year close to break-even under a conservative financial model.<ref name="annual-2025" /> The Foundation also began publishing annual reports as part of a transparency effort after the governance changes.<ref name="foundation-report" />
== Release model ==
OpenSSL follows a scheduled release strategy. Under the strategy adopted from OpenSSL 3.5 onward, the project planned new releases every April and October, a new long-term-support release every two years, and, beginning with OpenSSL 5.0, a major release every two years.<ref name="release-strategy" /> LTS releases are supported for at least five years, with the final year limited to security fixes; non-LTS releases after 3.5 are supported for at least 13 months.<ref name="release-strategy" />
{| class="wikitable sortable"
|+ Selected major OpenSSL release lines
! scope="col" | Version line !! scope="col" | First release !! scope="col" | End of life date !! scope="col" class="unsortable" | Notes
|-
! scope="row" | 0.9.x
| 1998 || 2005 || Early OpenSSL releases derived from SSLeay; founding of the project.
|-
! scope="row" | 1.0.1
| March 14, 2012 || December 31, 2016 || Added TLS 1.1 and TLS 1.2; affected by Heartbleed in versions 1.0.1–1.0.1f.
|-
! scope="row" | 1.0.2
| January 22, 2015 || December 31, 2019 || Long-lived pre-1.1 line; used by many distributions and vendors.
|-
! scope="row" | 1.1.1 LTS
| September 11, 2018 || September 11, 2023 || Added TLS 1.3 support.<ref name="securityweek-111" />
|-
! scope="row" | 3.0 LTS
| September 7, 2021 || September 7, 2026 || Provider architecture, Apache License 2.0, new FIPS provider.<ref name="openssl-3-release" /><ref name="openssl-35" />
|-
! scope="row" | 3.5 LTS
| April 8, 2025 || April 8, 2030 || LTS line with PQC and QUIC-related additions.<ref name="openssl-35" /><ref name="openssl-35-release" />
|-
! scope="row" | 4.0
| April 14, 2026 || May 14, 2027 || Feature release with incompatible changes and removal of deprecated behaviors.<ref name="openssl-40" />
|}
== Security history ==
OpenSSL's security history reflects the library's deployment scale. The project maintains a security policy and classifies vulnerabilities by severity, taking into account affected versions, defaults, use cases, and exploitability.<ref name="security-policy" /> Not every OpenSSL vulnerability has had the same public impact; the incidents below involved broad deployment, private-key or plaintext exposure, or systemic consequences for the wider Internet.
=== Debian predictable random number generator ===
In 2008, Debian disclosed that a Debian-specific patch to OpenSSL had weakened the random-number generator used by Debian and Debian-derived systems. The change, introduced in 2006, reduced the number of possible keys that could be generated, affecting SSH, TLS certificates, and other cryptographic material produced on vulnerable systems.<ref name="debian-rng" /> The defect was not in upstream OpenSSL, but the incident illustrated how downstream changes to cryptographic libraries can have severe security consequences. OpenSSL later replaced its earlier entropy-handling code with a deterministic random bit generator (DRBG) consistent with NIST guidance.<ref name="openssl-docs" />
=== Heartbleed ===
{{anchor|Heartbleed bug}}
Heartbleed is the most prominent OpenSSL vulnerability by public impact. It was caused by a missing bounds check in the TLS heartbeat implementation and allowed attackers to read memory from vulnerable servers and clients.<ref name="heartbleed-advisory" /><ref name="nvd-cve-2014-0160" /> At disclosure, Netcraft estimated that about half a million trusted HTTPS servers were vulnerable.<ref name="netcraft-heartbleed" /> Cloudflare's public challenge demonstrated that the bug could be used to extract TLS private keys, not only session data.<ref name="cloudflare-challenge" /> Remediation included upgrading OpenSSL, restarting affected services, revoking and replacing certificates, and rotating potentially exposed credentials.<ref name="wired-heartbleed-lesson" /><ref name="akamai-heartbleed-update" />
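The missing bounds check described above can be illustrated with a short C program. This is an added example, not OpenSSL's code: it parses a heartbeat message in the RFC 6520 layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) and shows the length validation a receiver needs before echoing the payload. All function names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat message layout:
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Number of bytes beyond the end of the received record that an echo
 * trusting the declared payload_length would copy. This is computed
 * arithmetically; no out-of-bounds read is performed. */
size_t hb_unchecked_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN)
        return 0;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    size_t available = rec_len - HB_HEADER_LEN;
    return declared > available ? declared - available : 0;
}

/* Hardened echo. Returns the response length, 0 if the message is
 * silently discarded, or -1 if the output buffer is too small. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    /* Check 1: the record must hold a header plus minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;

    size_t declared = ((size_t)rec[1] << 8) | rec[2];

    /* Check 2: the declared payload plus minimum padding must fit in
     * the bytes actually received. Without this check the copy below
     * would read past the record. */
    if (HB_HEADER_LEN + declared + HB_MIN_PADDING > rec_len)
        return 0;

    size_t resp_len = HB_HEADER_LEN + declared + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, declared);
    /* Padding is zeroed here to keep the example deterministic; a real
     * implementation fills it with random bytes. */
    memset(out + HB_HEADER_LEN + declared, 0, HB_MIN_PADDING);
    return (long)resp_len;
}

/* Constructed sample: a 5-byte payload with a caller-chosen declared
 * length, followed by 16 bytes of padding (24 bytes in total). */
static const uint8_t SAMPLE_PAYLOAD[] = { 'h', 'e', 'l', 'l', 'o' };
static uint8_t g_rec[64];
static uint8_t g_out[HB_HEADER_LEN + 0xFFFF + HB_MIN_PADDING];

static size_t hb_make_sample(uint8_t *buf, uint16_t declared)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(declared >> 8);
    buf[2] = (uint8_t)(declared & 0xff);
    memcpy(buf + HB_HEADER_LEN, SAMPLE_PAYLOAD, sizeof SAMPLE_PAYLOAD);
    memset(buf + HB_HEADER_LEN + sizeof SAMPLE_PAYLOAD, 0, HB_MIN_PADDING);
    return HB_HEADER_LEN + sizeof SAMPLE_PAYLOAD + HB_MIN_PADDING;
}

long demo_response_len(uint16_t declared)
{
    size_t n = hb_make_sample(g_rec, declared);
    return hb_build_response(g_rec, n, g_out, sizeof g_out);
}

size_t demo_overread(uint16_t declared)
{
    size_t n = hb_make_sample(g_rec, declared);
    return hb_unchecked_overread(g_rec, n);
}

int demo_echo_matches(void)
{
    long n = demo_response_len(5);
    return n == 24 && g_out[0] == HB_RESPONSE &&
           memcmp(g_out + HB_HEADER_LEN, SAMPLE_PAYLOAD, 5) == 0;
}

int main(void)
{
    printf("declared=5      response=%ld overread=%zu\n",
           demo_response_len(5), demo_overread(5));
    printf("declared=6      response=%ld overread=%zu\n",
           demo_response_len(6), demo_overread(6));
    printf("declared=65535  response=%ld overread=%zu\n",
           demo_response_len(0xFFFF), demo_overread(0xFFFF));
    return 0;
}
```

The 24-byte sample with a declared length of 65535 is discarded by the hardened function; an unchecked echo would have copied 65514 bytes from beyond the record, which corresponds to the "up to 64 KB per request" figure.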
=== Other major vulnerabilities ===
OpenSSL has disclosed many vulnerabilities besides Heartbleed; most have been addressed through the project's security-advisory process.<ref name="vulnerabilities-page" /> A 2003 issue in OpenSSL 0.9.6k allowed certain malformed ASN.1 sequences to trigger excessive recursion that could crash a vulnerable process.<ref name="vulnerabilities-page" /> An OCSP-stapling parsing flaw disclosed in 2011 ({{CVE|2011-0014}}) affected OpenSSL 0.9.8h–0.9.8q and 1.0.0–1.0.0c and could be used either as a denial-of-service vector or, depending on the calling application, to read adjacent memory.<ref name="secadv-2011-0014" /> An ASN.1 BIO heap-overflow vulnerability disclosed in April 2012 ({{CVE|2012-2110}}) affected applications that used the ASN.1 read functions on untrusted DER input.<ref name="secadv-2012-2110" /> In February 2013, Royal Holloway researchers Nadhem AlFardan and Kenny Paterson disclosed the "Lucky Thirteen attack" ({{CVE|2013-0169}}), a timing attack against CBC-mode cipher suites in SSL, TLS, and DTLS that affected OpenSSL among other implementations.<ref name="lucky13" />{{anchor|CVE-2014-0224}} In June 2014, OpenSSL fixed a ChangeCipherSpec injection vulnerability ({{CVE|2014-0224}}) that could allow a man-in-the-middle attack in limited circumstances when both client and server were vulnerable.<ref name="ccs-advisory" /> {{anchor|CVE-2015-0291}} In March 2015, OpenSSL fixed a denial-of-service vulnerability ({{CVE|2015-0291}}) caused by handling of the {{code|signature_algorithms}} extension in {{code|ClientHello}} during renegotiation.<ref name="secadv-20150319" />{{anchor|CVE-2016-0701}} In 2016, OpenSSL fixed a high-severity issue involving Diffie–Hellman small subgroups ({{CVE|2016-0701}}) that could permit key recovery in particular configurations.<ref name="ars-dh" />
== Forks and derivatives ==
OpenSSL's role as a general-purpose TLS and cryptography library has produced several forks and derivative projects. These were generally created to meet different security, governance, API-stability, or product-integration requirements rather than to replace OpenSSL outright.<ref name="ristic-bulletproof" />
=== Agglomerated SSL ===
{{anchor|assl}}
Agglomerated SSL, or assl, was an OpenBSD-related wrapper project created by Marco Peereboom to provide a simpler interface on top of OpenSSL's API. It was later superseded by the LibreSSL effort and is no longer central to the OpenSSL ecosystem.<ref name="assl" />
=== LibreSSL ===
{{Main|LibreSSL}}
In April 2014, after Heartbleed, members of the OpenBSD project forked OpenSSL 1.0.1g to create LibreSSL.<ref name="ars-libressl" /> OpenBSD developers said the fork was motivated by auditability, removal of obsolete code, safer defaults, and a desire to simplify the codebase. Early reporting described the project as a cleanup of OpenSSL, including removal of large amounts of unused or legacy code.<ref name="zdnet-libressl" /> LibreSSL became the TLS library in OpenBSD and was later made available as LibreSSL Portable for other operating systems.
=== BoringSSL ===
{{anchor|BORINGSSL}}
In June 2014, Google announced BoringSSL, another OpenSSL-derived library.<ref name="ars-boringssl" /> Unlike OpenSSL, BoringSSL is not intended to provide a stable general-purpose API for third-party operating-system distributions. It is developed for Google's own products and infrastructure, including Chromium and Android-related uses. Google said it expected to continue exchanging fixes with OpenSSL and LibreSSL where appropriate.<ref name="boringssl-announcement" />
=== AWS-LC ===
{{anchor|AWS-LC}}
AWS-LC is a general-purpose cryptographic library maintained by Amazon Web Services. It is based on code from OpenSSL and BoringSSL and is used in AWS cryptographic software.<ref name="aws-lc" /> The project reflects a pattern in which large infrastructure providers maintain TLS and cryptographic libraries adapted to their own platform, performance, FIPS, and operational requirements.
=== QuicTLS ===
{{anchor|QuicTLS}}
QuicTLS is an OpenSSL-derived fork created to provide QUIC-related TLS APIs before comparable support was available in OpenSSL releases.<ref name="quictls" /> It was used by some projects that wanted OpenSSL compatibility together with the QUIC APIs needed for HTTP/3 development. OpenSSL later added QUIC functionality in the 3.x series, including client-side QUIC in OpenSSL 3.2 and additional QUIC support in later releases.<ref name="openssl-35-release" />
== Compatibility and criticism ==
OpenSSL's API history, release cadence, and role as a dependency for many unrelated applications have made major version transitions difficult. Compatibility concerns appeared during the move to OpenSSL 1.1.x, the OpenSSL 3.0 provider architecture, and later QUIC-related API work.<ref name="openssl-3-release" /><ref name="redhat-30" />
=== API and ABI compatibility ===
OpenSSL has not guaranteed source or binary compatibility across all major versions. The 1.1.x series made many structures opaque and required applications to use accessor functions rather than direct structure access. OpenSSL 3.0 introduced provider-based algorithm loading, a new FIPS model, and deprecation of many older APIs.<ref name="openssl-3-release" /><ref name="openssl-migration" /> These changes were intended to improve maintainability, extensibility, and compliance support; they also required software maintainers and operating-system vendors to update dependent packages.
=== OpenSSL 3.0 transition ===
The OpenSSL 3.0 transition combined a new provider architecture, relicensing under Apache-2.0, and a new FIPS provider. Red Hat described the work of bringing OpenSSL 3.0 into Fedora and Red Hat Enterprise Linux as a substantial transition involving rebuilds, compatibility patches, and adjustments by dependent packages.<ref name="redhat-30" /> Some users and downstream projects reported performance regressions or compatibility problems after moving from OpenSSL 1.1.1 to OpenSSL 3.x, particularly in workloads involving repeated parsing, key loading, or provider-related operations.<ref name="openssl-3-release" />
=== QUIC support ===
OpenSSL's handling of QUIC support became a recurring criticism among HTTP/3 and QUIC implementers. QUIC requires TLS library support for functions that differ from conventional TLS-over-TCP use. BoringSSL and other libraries added QUIC-related APIs earlier, while OpenSSL delayed adoption of the commonly used API and later developed its own approach.<ref name="quic-blog" /><ref name="curl-quic" /> The delay contributed to the use of QuicTLS by projects that wanted OpenSSL compatibility together with QUIC APIs.<ref name="quictls" />
== Licensing ==
OpenSSL releases before 3.0 are covered by the dual OpenSSL and SSLeay licenses.<ref name="openssl-license" /> The older OpenSSL license included advertising-clause-style language and was incompatible with the GNU General Public License without an exception, which led some GPL-licensed projects either to add an explicit OpenSSL exception or to use alternative TLS libraries such as GnuTLS or Network Security Services.<ref name="fsf-licenses" />
In 2015, the project announced a relicensing effort that required most contributors to sign contributor license agreements. The relicensing process was completed before the OpenSSL 3.0 release, and OpenSSL 3.0 and later releases are licensed under the Apache License 2.0.<ref name="license-change" /><ref name="openssl-3-release" /><ref name="openssl-license" />
== See also ==
{{Portal|Free and open-source software}}
* Comparison of cryptography libraries
* Comparison of TLS implementations
* wolfSSL
== References ==
{{Reflist|refs=
<ref name="akamai-heartbleed-update">{{cite web |title=Heartbleed Update |url=https://blogs.akamai.com/2014/04/heartbleed-update.html |publisher=Akamai Technologies |date=April 11, 2014 |access-date=May 15, 2026 |archive-url=https://web.archive.org/web/20140831101356/https://blogs.akamai.com/2014/04/heartbleed-update.html |archive-date=August 31, 2014 |url-status=dead}}</ref>
<ref name="annual-2025">{{cite web |last=Bolek |first=Martin |title=We Released Our Annual Report 2025 |url=https://openssl-corporation.org/post/2026-02-10-annual-report-2025/ |publisher=OpenSSL Corporation |date=February 10, 2026 |access-date=May 15, 2026}}</ref>
<ref name="ars-boringssl">{{cite news |last=Goodin |first=Dan |title=Google unveils independent "fork" of OpenSSL called "BoringSSL" |url=https://arstechnica.com/information-technology/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/ |work=Ars Technica |date=June 20, 2014 |access-date=May 15, 2026}}</ref>
<ref name="ars-cii">{{cite news |last=Goodin |first=Dan |title=Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL |url=https://arstechnica.com/information-technology/2014/04/tech-giants-chastened-by-heartbleed-finally-agree-to-fund-openssl/ |work=Ars Technica |date=April 24, 2014 |access-date=May 15, 2026}}</ref>
<ref name="ars-dh">{{cite news |last=Goodin |first=Dan |title=High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic |url=https://arstechnica.com/information-technology/2016/01/high-severity-bug-in-openssl-allows-attackers-to-decrypt-https-traffic/ |work=Ars Technica |date=January 28, 2016 |access-date=May 15, 2026}}</ref>
<ref name="ars-libressl">{{cite news |last=Brodkin |first=Jon |title=OpenSSL code beyond repair, claims creator of "LibreSSL" fork |url=https://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/ |work=Ars Technica |date=April 22, 2014 |access-date=May 15, 2026}}</ref>
<ref name="assl">{{cite web |title=Agglomerated SSL |url=https://github.com/conformal/assl |website=GitHub |date=September 7, 2010 |access-date=May 15, 2026}}</ref>
<ref name="aws-lc">{{cite web |title=AWS-LC is a general-purpose cryptographic library |url=https://github.com/aws/aws-lc |website=GitHub |publisher=Amazon Web Services |access-date=May 15, 2026}}</ref>
<ref name="boringssl-announcement">{{cite web |last=Langley |first=Adam |title=BoringSSL |url=https://www.imperialviolet.org/2014/06/20/boringssl.html |website=ImperialViolet |date=June 20, 2014 |access-date=May 15, 2026}}</ref>
<ref name="caswell-30-update">{{cite web |title=OpenSSL 3.0 update |url=https://openssl-library.org/post/2019-11-07-3.0-update/ |publisher=OpenSSL Library |date=November 7, 2019 |access-date=May 15, 2026}}</ref>
<ref name="ccs-advisory">{{cite web |title=OpenSSL Security Advisory [05 Jun 2014] |url=https://www.openssl.org/news/secadv/20140605.txt |publisher=OpenSSL Project |date=June 5, 2014 |access-date=May 15, 2026}}</ref>
<ref name="cloudflare-challenge">{{cite web |title=The Results of the CloudFlare Challenge |url=https://blog.cloudflare.com/the-results-of-the-cloudflare-challenge/ |publisher=Cloudflare |date=April 11, 2014 |access-date=May 15, 2026}}</ref>
<ref name="curl-quic">{{cite web |last=Stenberg |first=Daniel |title=The QUIC API OpenSSL will not provide |url=https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/ |website=daniel.haxx.se |date=October 25, 2021 |access-date=May 15, 2026}}</ref>
<ref name="debian-rng">{{cite web |title=DSA-1571-1 openssl — predictable random number generator |url=https://www.debian.org/security/2008/dsa-1571 |publisher=Debian Project |date=May 13, 2008 |access-date=May 15, 2026}}</ref>
<ref name="fips-140-3">{{cite web |title=OpenSSL 3.1.2: FIPS 140-3 Validated |url=https://openssl-library.org/post/2025-03-11-fips-140-3/ |publisher=OpenSSL Library |date=March 11, 2025 |access-date=May 15, 2026}}</ref>
<ref name="fips-submission">{{cite web |title=OpenSSL 3.0 FIPS Module has been submitted for validation |url=https://openssl-library.org/post/2021-09-22-openssl3-fips-submission/ |publisher=OpenSSL Library |date=September 22, 2021 |access-date=May 15, 2026}}</ref>
<ref name="foundation-report">{{cite web |title=OpenSSL Foundation publishes first ever annual report |url=https://openssl-library.org/post/2024-12-23-foundation-annual-report/ |publisher=OpenSSL Library |date=December 23, 2024 |access-date=May 15, 2026}}</ref>
<ref name="fsf-licenses">{{cite web |title=Various Licenses and Comments about Them |url=https://www.gnu.org/licenses/license-list.html |publisher=Free Software Foundation |access-date=May 15, 2026}}</ref>
<ref name="gost-engine">{{cite web |title=GOST engine OpenSSL 1.0.0 README |url=http://cvs.openssl.org/fileview?f=openssl/engines/ccgost/README.gost |publisher=OpenSSL Project |access-date=May 15, 2026 |archive-url=https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl/engines/ccgost/README.gost |archive-date=April 15, 2013 |url-status=dead}}</ref>
<ref name="governance-2024">{{cite web |title=New Governance Structure and New Projects under the Mission |url=https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/ |publisher=OpenSSL Library |date=July 24, 2024 |access-date=May 15, 2026}}</ref>
<ref name="lucky13">{{cite conference |last1=AlFardan |first1=Nadhem J. |last2=Paterson |first2=Kenneth G. |title=Lucky Thirteen: Breaking the TLS and DTLS Record Protocols |conference=2013 IEEE Symposium on Security and Privacy |publisher=IEEE |date=May 2013 |url=https://ieeexplore.ieee.org/document/6547131 |access-date=May 15, 2026}}</ref>
<ref name="secadv-2011-0014">{{cite web |title=OpenSSL Security Advisory [8 February 2011] |url=https://www.openssl.org/news/secadv/20110208.txt |publisher=OpenSSL Project |date=February 8, 2011 |access-date=May 15, 2026}}</ref>
<ref name="secadv-2012-2110">{{cite web |title=OpenSSL Security Advisory [19 April 2012] |url=https://www.openssl.org/news/secadv/20120419.txt |publisher=OpenSSL Project |date=April 19, 2012 |access-date=May 15, 2026}}</ref>
<ref name="secadv-20150319">{{cite web |title=OpenSSL Security Advisory [19 Mar 2015] |url=https://www.openssl.org/news/secadv/20150319.txt |publisher=OpenSSL Project |date=March 19, 2015 |access-date=May 15, 2026}}</ref>
<ref name="heartbleed-advisory">{{cite web |title=OpenSSL Security Advisory [07 Apr 2014] |url=https://www.openssl.org/news/secadv/20140407.txt |publisher=OpenSSL Project |date=April 7, 2014 |access-date=May 15, 2026}}</ref>
<ref name="heartbleed-com">{{cite web |title=The Heartbleed Bug |url=https://heartbleed.com/ |publisher=Codenomicon |date=April 7, 2014 |access-date=May 15, 2026}}</ref>
<ref name="license-change">{{cite web |last=Salz |first=Rich |title=License Agreements and Changes Are Coming |url=https://openssl-library.org/post/2015-08-01-cla/ |publisher=OpenSSL Library |date=August 1, 2015 |access-date=May 15, 2026}}</ref>
<ref name="marquess-money">{{cite web |last=Marquess |first=Steve |title=Of Money, Responsibility, and Pride |url=http://veridicalsystems.com/blog/of-money-responsibility-and-pride/ |publisher=Veridical Systems |date=April 12, 2014 |access-date=May 15, 2026 |archive-url=https://web.archive.org/web/20150204105735/http://veridicalsystems.com/blog/of-money-responsibility-and-pride/ |archive-date=February 4, 2015 |url-status=dead}}</ref>
<ref name="netcraft-heartbleed">{{cite web |last=Mutton |first=Paul |title=Half a million widely trusted websites vulnerable to Heartbleed bug |url=https://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html |publisher=Netcraft |date=April 8, 2014 |access-date=May 15, 2026}}</ref>
<ref name="nvd-cve-2014-0160">{{cite web |title=CVE-2014-0160 Detail |url=https://nvd.nist.gov/vuln/detail/CVE-2014-0160 |publisher=National Institute of Standards and Technology |access-date=May 15, 2026}}</ref>
<ref name="nyt-nsa-encryption">{{cite news |last1=Perlroth |first1=Nicole |last2=Larson |first2=Jeff |last3=Shane |first3=Scott |title=N.S.A. Able to Foil Basic Safeguards of Privacy on Web |url=https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html |work=The New York Times |date=September 6, 2013 |access-date=May 15, 2026}}</ref>
<ref name="openssl-20years">{{cite web |last=Cox |first=Mark |title=Celebrating 20 years of OpenSSL |url=https://openssl-library.org/post/2018-12-20-20years/index.html |publisher=OpenSSL Library |date=December 20, 2018 |access-date=May 15, 2026}}</ref>
<ref name="openssl-3-release">{{cite web |last=Caswell |first=Matt |title=OpenSSL 3.0 has been released! |url=https://openssl-library.org/post/2021-09-06-openssl3.final/ |publisher=OpenSSL Library |date=September 7, 2021 |access-date=May 15, 2026}}</ref>
<ref name="openssl-35">{{cite web |title=OpenSSL 3.5 will be the next long term stable (LTS) release |url=https://openssl-library.org/post/2025-02-20-openssl-3.5-lts/ |publisher=OpenSSL Library |date=February 20, 2025 |access-date=May 15, 2026}}</ref>
<ref name="openssl-35-release">{{cite web |title=OpenSSL 3.5 Final Release |url=https://openssl-library.org/post/2025-04-08-openssl-35-final-release/ |publisher=OpenSSL Library |date=April 8, 2025 |access-date=May 15, 2026}}</ref>
<ref name="openssl-40">{{cite web |title=OpenSSL 4.0 Final Release - Live |url=https://openssl-library.org/post/2026-04-14-openssl-40-final-release/ |publisher=OpenSSL Library |date=April 14, 2026 |access-date=May 15, 2026}}</ref>
<ref name="openssl-announce">{{cite mailing list |last=Laurie |first=Ben |title=Announce: OpenSSL (Take 2) |url=https://marc.info/?l=ssl-users&m=91566086807308&w=2 |mailing-list=ssl-users |date=January 6, 1999 |access-date=May 15, 2026}}</ref>
<ref name="openssl-docs">{{cite web |title=OpenSSL Documentation |url=https://docs.openssl.org/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="openssl-license">{{cite web |title=License |url=https://openssl-library.org/source/license/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="openssl-migration">{{cite web |title=OpenSSL 3.0 Migration Guide |url=https://docs.openssl.org/master/man7/ossl-guide-migration/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="quic-blog">{{cite web |last=Caswell |first=Matt |title=QUIC and OpenSSL |url=https://openssl-library.org/post/2020-02-13-quic-and-openssl/ |publisher=OpenSSL Library |date=February 17, 2020 |access-date=May 15, 2026}}</ref>
<ref name="quictls">{{cite web |title=The official repository for the QuicTLS project |url=https://github.com/quictls/quictls |website=GitHub |access-date=May 15, 2026}}</ref>
<ref name="redhat-30">{{cite web |last=Belyavskiy |first=Dmitry |title=The experience of bringing OpenSSL 3.0 into Red Hat Enterprise Linux and Fedora |url=https://www.redhat.com/en/blog/experience-bringing-openssl-30-rhel-and-fedora |publisher=Red Hat |access-date=May 15, 2026}}</ref>
<ref name="release-strategy">{{cite web |title=Release Strategy |url=https://openssl-library.org/policies/releasestrat/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="rfc8446">{{cite IETF |last=Rescorla |first=Eric |title=The Transport Layer Security (TLS) Protocol Version 1.3 |publisher=Internet Engineering Task Force |rfc=8446 |date=August 2018 |access-date=May 15, 2026}}</ref>
<ref name="ristic-bulletproof">{{cite book |last=Ristić |first=Ivan |title=Bulletproof SSL and TLS |publisher=Feisty Duck |year=2014 |isbn=978-1-907117-04-6}}</ref>
<ref name="schneier-heartbleed">{{cite web |last=Schneier |first=Bruce |title=Heartbleed |url=https://www.schneier.com/blog/archives/2014/04/heartbleed.html |website=Schneier on Security |date=April 9, 2014 |access-date=May 15, 2026}}</ref>
<ref name="security-policy">{{cite web |title=Security Policy |url=https://openssl-library.org/policies/general/security-policy/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="securityweek-111">{{cite news |last=Kovacs |first=Eduard |title=OpenSSL 1.1.1 Released with TLS 1.3, Security Improvements |url=https://www.securityweek.com/openssl-111-released-tls-13-security-improvements/ |work=SecurityWeek |date=September 11, 2018 |access-date=May 15, 2026}}</ref>
<ref name="viega-network-security">{{cite book |last1=Viega |first1=John |last2=Messier |first2=Matt |last3=Chandra |first3=Pravir |title=Network Security with OpenSSL |publisher=O'Reilly Media |year=2002}}</ref>
<ref name="vulnerabilities-page">{{cite web |title=Vulnerabilities |url=https://openssl-library.org/news/vulnerabilities/ |publisher=OpenSSL Library |access-date=May 15, 2026}}</ref>
<ref name="wired-cii">{{cite news |last=Finley |first=Klint |title=Google, Facebook, and Microsoft Team Up to Stop Another Heartbleed |url=https://www.wired.com/2014/04/cii/ |work=Wired |date=April 24, 2014 |access-date=May 15, 2026}}</ref>
<ref name="wired-heartbleed-lesson">{{cite news |last=Finley |first=Klint |title=How Heartbleed Broke the Internet — And Why It Can Happen Again |url=https://www.wired.com/2014/04/heartbleedslesson/ |work=Wired |date=April 9, 2014 |access-date=May 15, 2026}}</ref>
<ref name="zdnet-libressl">{{cite news |last=Vaughan-Nichols |first=Steven J. |title=OpenBSD forks, prunes, fixes OpenSSL |url=https://www.zdnet.com/article/openbsd-forks-prunes-fixes-openssl/ |work=ZDNET |date=April 21, 2014 |access-date=May 15, 2026}}</ref> }}
== External links ==
{{Commons category}}
* {{Official website|https://www.openssl.org/}}
* [https://github.com/openssl/openssl OpenSSL source repository]
{{Cryptographic software}} {{SSL/TLS}}
{{Authority control}}
{{DEFAULTSORT:Openssl}}
[[Category:1998 software]]
[[Category:C (programming language) libraries]]
[[Category:Cryptographic software]]
[[Category:Free security software]]
[[Category:Free software programmed in C]]
[[Category:Public key infrastructure]]
[[Category:Software using the Apache license]]
[[Category:Transport Layer Security implementation]]