OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. For more information about the team and community around the project, or to start making your own contributions, start with the community page. To get the latest news, download the source, and so on, please see the sidebar or the buttons at the top of every page.
OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.
|28-Aug-2017||Security Advisory: Buffer overread|
|25-May-2017||OpenSSL 1.1.0f is now available, including various bug fixes (no security fixes)|
|25-May-2017||OpenSSL 1.0.2l is now available, including various bug fixes (no security fixes)|
|04-May-2017||New Blog post: Using TLS1.3 with OpenSSL|
|23-Mar-2017||Licensing website launched|
|27-Feb-2017||Code Health Tuesday|
Please remember that export/import and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. So when you import this package to your country, re-distribute it from there or even just email technical suggestions or even source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. The authors of OpenSSL are not liable for any violations you make here. So be careful, it is your responsibility.