OpenSSL Blog

OpenSSL Is Looking to Contract a Full-time Community Engagement Leader / Evangelist

UPDATE: Please note this position has been filled.

Job Description

We are seeking a passionate, tech-savvy individual to act as a Community Engagement Leader for the OpenSSL project. The ideal candidate will be responsible for fostering and enhancing connections between various communities around OpenSSL, facilitating fruitful discussions, spreading awareness about the project, and driving engagement and contributions. An essential aspect of this role is alignment with our core values and mission, as we expect these principles to be reflected in your day-to-day professional activities. Beyond community engagement, this role also involves collecting and contributing valuable insights to the project’s roadmap, making it an integral part of the project’s continuous growth and improvement.

This is a remote position with travel required, approximately up to 15% of working time. Given the global nature of the project, we require flexibility in accommodating various time zones outside of conventional business hours. We are seeking candidates located specifically within Europe and North America.

To apply please send your resume to jobs@openssl.org by 17th August 2023.

Applications will be reviewed on a rolling basis. Only candidates selected for interviews will be contacted.

OpenSSL Is Looking to Contract a Full-time Software Engineer

UPDATE: Please note this position has been filled.

Job Description

We are seeking a Software Engineer to join our team. As a Software Engineer at OpenSSL, you will play a vital role in sustaining and evolving the core cryptography and network protocol functionality that enables secure communication across the internet. In addition to your technical contributions, it’s essential that you align with and uphold our core values and mission in your everyday professional activities. Your responsibilities will include resolving issues for support customers, as well as working on the OpenSSL toolkit, contributing to the development, debugging, and maintenance of this crucial open-source resource. Your day-to-day tasks will include analyzing and solving complex software problems, collaborating on the design and implementation of secure solutions, and writing and maintaining detailed technical documentation. Our ideal candidate is someone who is interested in secure communication, has a deep understanding of C programming, and possesses a strong sense of ownership.

This is a remote position. Given the global nature of the project, we require flexibility in accommodating various time zones outside of conventional business hours. In particular, our weekly and daily meetings are generally scheduled within the core hours of 7-11am UTC.

To apply please send your resume to jobs@openssl.org by 17th August 2023.

Applications will be reviewed on a rolling basis. Only candidates selected for interviews will be contacted.

OpenSSL Is Looking to Contract a Full-time DevOps Engineer

UPDATE: Please note this position has been filled.

Job Description

We are seeking a dynamic and innovative DevOps Engineer to join our team. This role demands a high level of technical knowledge, leadership skills, and the ability to communicate the state of our infrastructure externally. Furthermore, it’s crucial that you share and uphold our core values and mission in your everyday professional activities. As a critical member of our team, you will drive our continuous integration and deployment efforts, while ensuring that our infrastructure status is transparent and effectively conveyed externally.

This is a remote position. Given the global nature of the project, we require flexibility in accommodating various time zones outside of conventional business hours. In particular, our weekly and daily meetings are generally scheduled within the core hours of 7-11am UTC.

To apply please send your resume to jobs@openssl.org by 17th August 2023.

Applications will be reviewed on a rolling basis. Only candidates selected for interviews will be contacted.

Face-to-face Meetings: OTC and Committers

From June 19-21, OpenSSL had a face-to-face event in Brno, Czech Republic, for OTC members and contributors. The event provided a valuable platform for productive meetings and discussions. The gathering brought together prominent individuals from the OpenSSL community, fostering robust and enlightening exchanges. This event served as a crucial opportunity for introspection and future planning, encouraging open dialogue on various facets of the OpenSSL project.

Face-to-face Meetings: OTC and Committers, Day 3

  • Discussions were held about introducing a new time-based release policy for OpenSSL. This policy aims to improve the predictability of release schedules and content. Part of this discussion also touched on how to effectively plan and assess feature readiness before each release.
  • To enhance project management, the use of feature branches for more complex features was suggested. This idea was paired with the proposal to establish clearly defined criteria for the review and approval of code.
  • As part of improving decision-making within the project, dialogues were carried out on how to best select features for inclusion. The proposal to establish a review body, focused on making these decisions and prioritizing features, was also put forward.
  • Inspired by Apache’s practices, improvements to the existing security policy were considered and discussed.
  • As part of addressing the project’s technical debt, suggestions were made to discuss infallible locking and mandatory atomics. The goal was to streamline locking mechanisms and reduce code complexity.
  • Tomas Mraz and Dmitry Belyavsky held personal sessions where they discussed different approaches. Tomas delved into the approach of using decoupled low-level crypto libraries, while Belyavsky considered the potential for incorporating more pluggable elements within OpenSSL.
  • Richard Levitte highlighted several areas of technical debt that need addressing. These included issues with composite algorithm names, the functionality of Password-Based Encryption (PBE), and AlgorithmIdentifier parameters. He also proposed potential solutions to these identified issues.

Face-to-face Meetings: OTC and Committers, Day 2

  • The OpenSSL project has some performance issues. These need to be addressed by setting performance standards and testing before making changes. The team has agreed to prioritize this process.
  • Technical debt is another problem that needs to be dealt with. The proposed solutions are:
    • Setting performance targets.
    • Improving inefficient data structures.
  • The team also discussed ways to improve engagement with the community, including:
    • Updating the current outdated communication channels.
    • Revamping the website.
    • Creating a separate space for user queries and software issues.
    • Starting to use GitHub Discussions for better communication.
  • Supporting different OpenSSL versions poses challenges. The team also discussed how to manage Long Term Support (LTS) releases.
  • When talking about the QUIC protocol, several points were emphasized:
    • Its development is crucial.
    • Features need to be prioritized.
    • It’s important to gather feedback early.
    • There was agreement to turn on QUIC by default in the next release.
  • Nicola Tuveri pointed out that the BIGNUM issue needs to be addressed. He suggested setting aside dedicated resources to work on it.
  • Code reviews are essential for maintaining the quality of the project. Documentation should be easy to understand and useful for users. The team stressed its importance.
  • The error API has some problems. These were discussed along with potential solutions.

Face-to-face Meetings: OTC and Committers, Day 1

  • The OTC retrospective highlighted the need for diversity and improved communication.
    • A proposal for a Special Interest Group (SiG) model was made.
    • The necessity for regular communication with communities was identified.
    • A need for reevaluation of membership criteria was highlighted.
  • The team acknowledged the presence of technical debt in OpenSSL. Challenges like code redundancy and inconsistent APIs were noted, and refactoring was seen as a potential solution.
  • Updates and improvements to the Certificate Management Protocol (CMP) were discussed. Focus was placed on interoperability and testing within the CMP.
  • Red Hat engineers shared their journey towards FIPS compliance. Their approach to security vulnerabilities was discussed.
  • Solutions for managing parameters and configurations were examined.
  • The challenge of accessing entropy sources was discussed. A proposition to enhance randomness providers was made.
  • The implementation of Post-Quantum Cryptography was also discussed. Focus was put on compatibility between OQS and OpenSSL in the future.
  • Red Hat presented several significant issues, including confirmed bugs. There was also a discussion on features needing careful consideration by Red Hat.
  • The experience of writing a PKCS#11 provider emphasized the need for better documentation. The need for more supportive resources for writing a PKCS#11 provider was also discussed.

Who Writes OpenSSL?

For a meeting last week I wanted to show how much of OpenSSL is being written by people paid to do so by their employers, and how much was from individuals in their own time. And it turns out most of OpenSSL is written by people paid to do so. This is crucial to understanding the critical role that corporations provide to Open Source projects such as OpenSSL.

OpenSSL Adopts Mission & Values Statement

After extensive feedback from our communities, OpenSSL is pleased to announce that we have formally adopted the Mission and Values Statement, and will now be aligning our activities to support these.

You can view our new Mission and Values Statement here.

We would like to extend our sincere thanks to all those who provided feedback to us. We have reviewed all the comments and responses, which showed that a clear majority (around 70%) agreed on OpenSSL adopting the Mission and Values Statement. It was really beneficial to hear from our various communities and we will continue to seek out your feedback in the future.

To show our appreciation we have decided to extend the free OpenSSL T-shirt offer to all respondents and will be contacting you shortly to arrange sizing and delivery.

While it was clear from your feedback that we have a way to go before we meet our Mission and Values Statement, formally adopting this is the first step along the path to a more transparent and open OpenSSL. We hope that you will continue to support us as we move forward.

OpenSSL 1.1.1 End of Life Approaching

The OpenSSL 1.1.1 series will reach End of Life (EOL) on 11th September 2023. Users of OpenSSL 1.1.1 should consider their options and plan any actions they might need to take.