The master sources are maintained in our git repository, which is accessible over the network and cloned on GitHub, at https://github.com/openssl/openssl. Bugs and pull patches (issues and pull requests) should be file on the GitHub repo. Please familiarize yourself with the license.
The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old. A list of mirror sites can be found here.
Note: The latest stable version is the 1.1.0 series. The 1.0.2 series is our Long Term Support (LTS) release, supported until 31st December 2019. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should not be used.
|5247||2017-Nov-02 14:51:59||openssl-1.0.2m.tar.gz (SHA256) (PGP sign) (SHA1)|
|5278||2017-Nov-02 14:51:59||openssl-1.1.0g.tar.gz (SHA256) (PGP sign) (SHA1)|
|1457||2017-May-24 18:01:01||openssl-fips-2.0.16.tar.gz (SHA256) (PGP sign) (SHA1)|
|1437||2017-May-24 18:01:01||openssl-fips-ecp-2.0.16.tar.gz (SHA256) (PGP sign) (SHA1)|
When building a release for the first time, please make sure to look at the README and INSTALL files in the distribution. If you have problems, look at the FAQ, which can be found online.
PGP keys for the signatures are available from the OMC page. Current members that sign releases include Richard Levitte, Stephen Henson and Matt Caswell.
Each day we make a snapshot of each development branch. They can be found at https://www.openssl.org/source/snapshot/. These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile. Note that keeping a git local repository and updating it every 24 hours is equivalent and will often be faster and more efficient.
Please remember that export/import and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. So when you import this package to your country, re-distribute it from there or even just email technical suggestions or even source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. The authors of OpenSSL are not liable for any violations you make here. So be careful, it is your responsibility.