OpenSSL Blog

Starting the QUIC Design


The OTC recently agreed a new design process that needs to be followed for future releases. See here for details. Moving forward designs for significant features should be captured and stored alongside the documentation in our main source code repository and updated if necessary during the development process.

OpenSSL Update


The OpenSSL community is a diverse group, ranging from those that use applications that depend on OpenSSL (effectively end-users) to operating system distributions, application developers, embedded devices, layered security libraries, and cryptographic algorithm and protocol researchers. Each of these subsets of our community have different needs and different priorities.

OpenSSL Is Looking to Hire Two Full-time Positions: Developer, and Manager


UPDATE: Please note these positions have been filled.

The OpenSSL Management Committee are looking to hire a full time Developer and a full time Manager. Details of the roles follow.

To apply please send your cover letter and resume to by 6th January 2022 (extended from 9th December 2021).

Making Changes to OpenSSL Technical Policies More Open


The OpenSSL Technical Committee decided to have a more formal but also a more open process on establishing changes to OpenSSL technical policies and other technical decisions made by the OpenSSL Technical Committee. We would like to invite the broad community of OpenSSL developers and users to participate in our decision making process.

Community Maintainers: How to Get Support for Your Platform


The OpenSSL project is seeking community maintainers to assist with supporting platforms that the project is unable to.

If you have a platform that you’d like to see supported which isn’t a primary or secondary platform as per our platform policy, you should consider stepping up as a community maintainer.

Old Let's Encrypt Root Certificate Expiration and OpenSSL 1.0.2


The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.

OpenSSL 3.0 Has Been Released!


After 3 years of development work, 17 alpha releases, 2 beta releases, over 7,500 commits and contributions from over 350 different authors we have finally released OpenSSL 3.0! In addition to this there has been a large number of contributions from our users who have been actively working with the pre-release versions to test it, make sure it works in the real world and with a large array of different applications and reporting their results. I am also delighted to note that there has been a 94% increase in the amount of documentation that we have since OpenSSL 1.1.1 and an (adjusted) increase in the “lines of code” in our tests of 54%. There has never been a better demonstration of what an active and enthusiastic community we have than when you look at the statistics for the OpenSSL 3.0 development work. Thanks to everyone who has taken part - no matter how small that part was.

OpenSSL 3.0 Release Candidate


The OpenSSL Management Committee (OMC) and the OpenSSL Technical Committee (OTC) are glad to announce our first beta release of OpenSSL 3.0. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.

OpenSSL 3.0 Alpha7 Release


The OpenSSL Management Committee (OMC) and the OpenSSL Technical Committee (OTC) are glad to announce the seventh alpha release of OpenSSL 3.0.