Managed by OpenSSL Management Committee, consisting of 7 members and 20 people with commit rights.
Open source software toolkit.
Includes cryptography, SSL/TLS Libraries, command line utility that uses the libraries.
Can be used to generate Encryption Keys, X.509 certificates.
Used by SWEs and Engineers.
SSL is a protocol designed to provide secure comm over insecure network.
SSL achieves communication security by utilising Symmetric And Asymmetric Cryptography.
SSL was developed in 95 by Netscapes Communication Corporation and deprecated in 2015 in favor for it’s successor the TLS protocol.
The OpenSSL is used for TLS althoug it has “SSL” in it’s name.
OpenSSL supports:
symmetric and asymmetric encryption
digital signatures
message digest
key exchange
What’s new in OpenSSL 3.0?
Changed from BSD Style Open Source to Apache License 2.0
Slowly migrating from Engines to Providers
Kernel TLS introduced which enables an application using OpenSSL to create a special TLS Socket, just like a TCP Socket.
OpenSSL then performs a TLS handshake and hands over the negotiated encryption key and other data to the oeprating system kernel in the form of TLS socket options.
Then actual data transimission is handled by KTLS code. Such TLS offloading to kernel sppeds up data transimission on high load systems.
Other SSL Libraries
GnuTLS LGPL 2.1 License
NSS or Network Security Services licensed under Mozilla Public License 2.0
Botan licensed under two-clause BSD License
Light-weigh TLS Libraries like wolfSSL for ioT products
LibreSSL by OpenBSD
BoringSSL by Google
Show All OpenSSL Binary Details
~:openssl version -a
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
built on: Wed Feb 21 10:45:39 2024 UTC
platform: debian-amd64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2 -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-YSd17K/openssl-3.0.10=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/openssl-YSd17K/openssl-3.0.10=/usr/src/openssl-3.0.10-1ubuntu2.3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa32234f8bffff:0x1c07ab