The OpenSSL Management Committee are looking to hire a full time Platform Engineer. This is a sysadmin role. Details of the roles follow.

To apply please send your cover letter and resume to jobs@openssl.org by 17th June 2022.

The OpenSSL Management Committee are looking to hire a full time Business Operations Administrator. Details of the role follow.

To apply please send your cover letter and resume to jobs@openssl.org by 6th June 2022.

The OpenSSL Technical Committee (OTC) was recently made aware of several potential attacks against the OpenSSL libraries which might permit information leakage via the Spectre attack.¹ Although there are currently no known exploits for the Spectre attacks identified, it is plausible that some of them might be exploitable.

Local side channel attacks, such as these, are outside the scope of our security policy, however the project generally does introduce mitigations when they are discovered. In this case, the OTC has decided that these attacks will not be mitigated by changes to the OpenSSL code base. The full reasoning behind this is given below.

The OTC recently agreed a new design process that needs to be followed for future releases. See here for details. Moving forward designs for significant features should be captured and stored alongside the documentation in our main source code repository and updated if necessary during the development process.

The OpenSSL community is a diverse group, ranging from those that use applications that depend on OpenSSL (effectively end-users) to operating system distributions, application developers, embedded devices, layered security libraries, and cryptographic algorithm and protocol researchers. Each of these subsets of our community have different needs and different priorities.

The OpenSSL Management Committee are looking to hire a full time Developer and a full time Manager. Details of the roles follow.

To apply please send your cover letter and resume to jobs@openssl.org by 6th January 2022 (extended from 9th December 2021).

The OpenSSL Technical Committee decided to have a more formal but also a more open process on establishing changes to OpenSSL technical policies and other technical decisions made by the OpenSSL Technical Committee. We would like to invite the broad community of OpenSSL developers and users to participate in our decision making process.

The OpenSSL project is seeking community maintainers to assist with supporting platforms that the project is unable to.

If you have a platform that you’d like to see supported which isn’t a primary or secondary platform as per our platform policy, you should consider stepping up as a community maintainer.

Following on from the recent announcement that OpenSSL 3.0 has been released, we have now also submitted our FIPS 140-2 validation report to NIST’s Cryptographic Module Validation Program (CMVP).

The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.