OpenSSL Introduction


What is OpenSSL?

  • The "SSL" in the name stands for Secure Sockets Layer.
  • Managed by the OpenSSL Management Committee, consisting of 7 members and 20 people with commit rights.
  • Open source software toolkit.
  • Includes cryptography and SSL/TLS libraries, plus a command-line utility that uses those libraries.
  • Can be used to generate encryption keys and X.509 certificates.
  • Used by SWEs and Engineers.
  • SSL is a protocol designed to provide secure communication over an insecure network.
  • SSL achieves communication security by using both symmetric and asymmetric cryptography.
  • SSL was developed in 95 by Netscape Communications Corporation and deprecated in 2015 in favor of its successor, the TLS protocol.
  • OpenSSL is used for TLS, although it has “SSL” in its name.
  • OpenSSL supports:
    • symmetric and asymmetric encryption
    • digital signatures
    • message digest
    • key exchange

What’s new in OpenSSL 3.0?

  • License changed from a BSD-style open source license to Apache License 2.0.
  • Slowly migrating from Engines to Providers.
  • Kernel TLS (KTLS) was introduced, which enables an application using OpenSSL to create a special TLS socket, just like a TCP socket.
  • OpenSSL then performs a TLS handshake and hands over the negotiated encryption key and other data to the operating system kernel in the form of TLS socket options.
  • The actual data transmission is then handled by the KTLS code. Such TLS offloading to the kernel speeds up data transmission on high-load systems.

Other SSL Libraries

  • GnuTLS, licensed under the LGPL 2.1
  • NSS (Network Security Services), licensed under the Mozilla Public License 2.0
  • Botan, licensed under the two-clause BSD License
  • Lightweight TLS libraries like wolfSSL for IoT products
  • LibreSSL by OpenBSD
  • BoringSSL by Google

Show All OpenSSL Binary Details

    ~:openssl version -a
    OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
    built on: Wed Feb 21 10:45:39 2024 UTC
    platform: debian-amd64
    options: bn(64,64)
    compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2 -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-YSd17K/openssl-3.0.10=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/openssl-YSd17K/openssl-3.0.10=/usr/src/openssl-3.0.10-1ubuntu2.3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
    OPENSSLDIR: "/usr/lib/ssl"
    ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
    MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
    Seeding source: os-specific
    CPUINFO: OPENSSL_ia32cap=0xfffa32234f8bffff:0x1c07ab
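
The `openssl version -a` output above carries the details a defender checks first: the library version (and so whether Providers are available), the compiled-in TLS security level, and the compiler hardening flags. The following is an added example, not part of the original notes: it parses that output and summarises those properties. The function names and the `EXPECTED_FLAGS` baseline are assumptions made for illustration, and the sample input is constructed from the output shown above.

```python
import re

# Constructed sample: the `openssl version -a` output shown above, with the
# compiler line shortened to its security-relevant flags.
SAMPLE = """\
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
built on: Wed Feb 21 10:45:39 2024 UTC
platform: debian-amd64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -DOPENSSL_TLS_SECURITY_LEVEL=2 -g -O2 -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -DNDEBUG -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
Seeding source: os-specific
"""

# Assumed baseline of hardening flags to look for (all appear in the output above).
EXPECTED_FLAGS = ("-fstack-protector-strong", "-fstack-clash-protection",
                  "-fcf-protection", "-Wa,--noexecstack")


def parse_version_output(text):
    """Turn `openssl version -a` output into a dict of lower-cased field names."""
    lines = text.strip().splitlines() or [""]
    match = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)", lines[0])
    if not match:
        raise ValueError("first line is not an OpenSSL version banner")
    info = {"version": tuple(int(part) for part in match.groups())}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip().lower()] = value.strip().strip('"')
    return info


def audit(info):
    """Summarise the build properties a defender would check first."""
    flags = info.get("compiler", "").split()
    # -DNAME=VALUE becomes {"NAME": "VALUE"}; a bare -DNAME maps to "".
    defines = dict(f[2:].partition("=")[::2] for f in flags if f.startswith("-D"))
    level = defines.get("OPENSSL_TLS_SECURITY_LEVEL")
    return {
        "has_providers": info["version"] >= (3, 0, 0),
        "security_level": int(level) if level else None,  # None: library default
        "fortify_source": int(defines.get("_FORTIFY_SOURCE") or 0),
        "missing_hardening": [f for f in EXPECTED_FLAGS if f not in flags],
        "provider_modules_dir": info.get("modulesdir"),
    }


if __name__ == "__main__":
    for name, value in audit(parse_version_output(SAMPLE)).items():
        print(f"{name}: {value}")
```

To audit a live host, pass the captured text of `openssl version -a` to `parse_version_output` in place of `SAMPLE`.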