OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. For more information about the team and community around the project, or to start making your own contributions, start with the community page. To get the latest news, download the source, and so on, please see the sidebar or the buttons at the top of every page.
OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.
|17-Feb-2020||New Blog post: QUIC and OpenSSL|
|20-Dec-2019||OpenSSL 1.0.2u is now available, including security fixes|
|06-Dec-2019||Security Advisory: one low severity fix|
|07-Nov-2019||New Blog post: Update on 3.0 Development, FIPS and 1.0.2 EOL|
|10-Sep-2019||Security Advisory: three low severity fixes|
|10-Sep-2019||OpenSSL 1.1.1d is now available, including bug and security fixes|
Please remember that export/import and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. So when you import this package to your country, re-distribute it from there or even just email technical suggestions or even source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. The authors of OpenSSL are not liable for any violations you make here. So be careful, it is your responsibility.