mirror of https://github.com/openssl/openssl.git synced 2026-02-27 12:04:09 +00:00

TLS/SSL and crypto library https://www.openssl.org

cryptography decryption encryption openssl ssl tls

C 74.4%
Perl 11.7%
Raku 11.1%
Prolog 1%
Assembly 0.5%
Other 1.1%

Find a file

Tomas Mraz fc15338f90 ossl_x509v3_cache_extensions(): Fix regression of no-rfc3779 build Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> MergeDate: Fri Feb 27 10:43:43 2026 (Merged from https://github.com/openssl/openssl/pull/30202)		2026-02-27 11:37:15 +01:00
.ctags.d	util/ and .ctags.d/: remove remaining references to deleted util/check-format.pl	2026-01-19 08:12:45 +01:00
.github	Add a ci job to validate our suppression file is up to date nightly	2026-02-24 10:11:11 -05:00
apps	Improved reporting of shared and peer sigalgs	2026-02-25 12:30:14 +01:00
cloudflare-quiche@7ab6a55cfe	Update Cloudflare Quiche to fix a build issue	2023-08-29 14:51:33 +02:00
Configurations	Fix clean target to remove test-runs directory	2026-02-26 14:47:31 +01:00
crypto	ossl_x509v3_cache_extensions(): Fix regression of no-rfc3779 build	2026-02-27 11:37:15 +01:00
demos	Let's support multiple names for certificate verification	2026-02-24 09:03:39 -05:00
dev	Point to new docs location	2025-04-15 15:56:16 +01:00
doc	Constify X509_check_issued and friends	2026-02-26 09:58:27 -05:00
exporters	Removes trailing whitespace from generated pkg-config .pc files	2026-02-25 10:53:13 +01:00
external/perl	Update the bundled external perl module Text-Template to version 1.56	2019-09-12 12:53:32 +02:00
fuzz	Removes fixed version TLS methods.	2026-02-24 16:19:35 -05:00
gost-engine@74b1f4fddb	update to latest version of gost-engine	2025-04-09 14:04:09 -04:00
include	Constify X509_check_issued and friends	2026-02-26 09:58:27 -05:00
krb5@784c38f50e	Update krb5 to latest master to pick up CVE fixes	2024-08-14 17:57:43 +02:00
ms	4.0-POST-CLANG-FORMAT-WEBKIT	2025-12-09 00:28:19 -07:00
oqs-provider@c5fb439e4f	Update oqs-provider to current, which support opaque asn1 strings	2026-02-25 11:13:16 +01:00
os-dep	Add an Apple privacy info file for OpenSSL	2024-04-26 14:01:36 +02:00
pkcs11-provider@663dea335c	Update pkcs11-provider submodule (663dea3)	2025-10-03 13:09:42 -04:00
providers	FIPS self tests: fix config options when -no-bulk is used	2026-02-25 12:02:00 +01:00
pyca-cryptography@0e855f9526	update pyca-cryptography to latest master	2025-04-01 09:23:02 -04:00
python-ecdsa@4096fa0171	update tlsfuzzer to new version	2024-10-21 11:40:16 +01:00
ssl	Remove dead code in ossl_ech_copy_inner2outer	2026-02-25 10:32:51 -05:00
test	test_sigalgs_available(): Add missing FALLTHROUGH annotation	2026-02-25 14:54:03 +01:00
tlsfuzzer@61f45d9701	update tlsfuzzer to new version	2024-10-21 11:40:16 +01:00
tlslite-ng@77ef321dde	update tlsfuzzer to new version	2024-10-21 11:40:16 +01:00
util	Improved reporting of shared and peer sigalgs	2026-02-25 12:30:14 +01:00
VMS	Remove the c_rehash script	2025-12-19 16:10:24 +01:00
wycheproof@aca4706625	update wycheproof submodule to latest master	2025-04-01 09:23:02 -04:00
.clang-format	Remove remaining RAND_DRBG.	2026-02-17 09:09:01 -05:00
.codespellrc	s_client and s_server options for ECH	2026-02-20 16:40:25 +00:00
.git-blame-ignore-revs	add 4.0 clang-format diff to .git-blame-ignore-revs	2025-12-09 01:38:27 -07:00
.gitattributes	More polish and renamed codec tests	2025-02-14 10:50:58 +01:00
.gitignore	Add tests and documentation and fix a couple of issues identified by added tests	2026-02-20 16:40:25 +00:00
.gitmodules	the rpki-client external test should use relase version not a master branch on github	2025-08-09 09:38:39 -04:00
.pre-commit-config.yaml	Add clang-format file exclusions for generated files related to OBJ	2026-01-13 11:13:33 +01:00
ACKNOWLEDGEMENTS.md	Fix various typos, repeated words, align some spelling to LDP.	2022-10-12 16:55:28 +11:00
AUTHORS.md	EVP_DecodeUpdate() should not produce padding zeros to the decoded output (Fixes #26677 )	2025-02-27 17:38:57 +00:00
build.info	Add support for CSHAKE.	2026-01-23 15:07:51 +01:00
CHANGES.md	Improved reporting of shared and peer sigalgs	2026-02-25 12:30:14 +01:00
CODE-OF-CONDUCT.md	Add CODE-OF-CONDUCT.md	2022-08-18 16:32:23 +02:00
config	config: Turn into a simple wrapper	2020-06-28 18:34:36 +02:00
config.com	Update copyright year	2020-07-16 14:47:04 +02:00
configdata.pm.in	die() in .tmpl file should not be silently ignored.	2024-11-29 17:07:40 +01:00
Configure	ECH build artefacts and a bit of code	2026-02-20 16:40:25 +00:00
CONTRIBUTING.md	Update documentation with guidelines for commit and PR messages	2026-02-24 11:07:49 +11:00
funding.json	Fix a funding.json error	2025-01-07 17:18:36 +00:00
HACKING.md	Add more instructions in HACKING.md	2025-05-23 18:08:51 +02:00
INSTALL.md	Add tests and documentation and fix a couple of issues identified by added tests	2026-02-20 16:40:25 +00:00
LICENSE.txt	Rename NOTES, README, VERSION, HACKING, LICENSE to .md or .txt	2020-07-05 11:29:43 +02:00
NEWS.md	ECH: change from I-D to RFC 9849 and resolve TODO(ECH) cases	2026-02-20 16:40:25 +00:00
NOTES-ANDROID.md	Add support in configuration for android-riscv64	2024-02-05 10:08:23 +01:00
NOTES-C99.md	Add unsupported features in NOTES-C99.md: complex.h and variable length array	2025-09-23 10:36:15 +02:00
NOTES-DJGPP.md	Unify the markdown links to the NOTES and README files	2021-02-12 20:41:32 +01:00
NOTES-NONSTOP.md	Update documentation using enable-ssl3 Configure flags	2025-12-23 10:54:08 -05:00
NOTES-PERL.md	Fix various typos, repeated words, align some spelling to LDP.	2022-10-12 16:55:28 +11:00
NOTES-POSIX.md	Add installation documentation and notes on ANSI C and POSIX	2024-05-22 09:59:32 +02:00
NOTES-UNIX.md	Fixed some grammar and spelling	2022-10-09 17:40:29 +02:00
NOTES-VALGRIND.md	Update NOTES-VALGRIND.md to document valgrind compaints on reachable	2026-02-11 14:40:48 -05:00
NOTES-VMS.md	Add information on the 'ias' port for OpenVMS	2023-05-19 10:02:04 +10:00
NOTES-WINDOWS.md	Remove ENGINESDIR variable and engines installation from Makefiles.	2025-12-04 07:31:06 -05:00
README-FIPS.md	fix: update remaining 3.5.0 references to 3.6.0 in README-FIPS.md	2026-02-13 15:55:07 +01:00
README-PROVIDERS.md	Point to new docs location	2025-04-15 15:56:16 +01:00
README-QUIC.md	Fix typos and whitespace	2025-08-30 09:38:01 -04:00
README.md	doc: add OpenSSL 3.6 to README documentation links	2026-02-13 15:55:07 +01:00
SUPPORT.md	Fix Markdown links in SUPPORT.md	2021-12-08 15:09:36 +11:00
VERSION.dat	The next version to be released from master is 4.0	2025-09-04 10:40:04 +01:00

README.md

Welcome to the OpenSSL Project

OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS, formerly SSL), Datagram TLS (DTLS), and QUIC protocols.

The protocol implementations are based on a full-strength general purpose cryptographic library, which can also be used stand-alone. Also included is a cryptographic module validated to conform with FIPS standards.

OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson.

The official Home Page of the OpenSSL Project is www.openssl.org.

Overview
Download
Build and Install
Documentation
License
Support
Contributing
Legalities

Overview

The OpenSSL toolkit includes:

libssl an implementation of all TLS protocol versions up to TLSv1.3 (RFC 8446), DTLS protocol versions up to DTLSv1.2 (RFC 6347) and the QUIC version 1 protocol (RFC 9000).
libcrypto a full-strength general purpose cryptographic library. It constitutes the basis of the TLS implementation, but can also be used independently.
openssl the OpenSSL command line tool, a swiss army knife for cryptographic tasks, testing and analyzing. It can be used for
- creation of key parameters
- creation of X.509 certificates, CSRs and CRLs
- calculation of message digests
- encryption and decryption
- SSL/TLS/DTLS and client and server tests
- QUIC client tests
- handling of S/MIME signed or encrypted mail
- and more...

Download

For Production Use

Source code tarballs of the official releases can be downloaded from openssl-library.org/source/. The OpenSSL project does not distribute the toolkit in binary form.

However, for a large variety of operating systems precompiled versions of the OpenSSL toolkit are available. In particular, on Linux and other Unix operating systems, it is normally recommended to link against the precompiled shared libraries provided by the distributor or vendor.

We also maintain a list of third parties that produce OpenSSL binaries for various Operating Systems (including Windows) on the Binaries page on our wiki.

For Testing and Development

Although testing and development could in theory also be done using the source tarballs, having a local copy of the git repository with the entire project history gives you much more insight into the code base.

The main OpenSSL Git repository is private. There is a public GitHub mirror of it at github.com/openssl/openssl, which is updated automatically from the former on every commit.

A local copy of the Git repository can be obtained by cloning it from the GitHub mirror using

git clone https://github.com/openssl/openssl.git

If you intend to contribute to OpenSSL, either to fix bugs or contribute new features, you need to fork the GitHub mirror and clone your public fork instead.

git clone https://github.com/yourname/openssl.git

This is necessary because all development of OpenSSL nowadays is done via GitHub pull requests. For more details, see Contributing.

Build and Install

After obtaining the Source, have a look at the INSTALL file for detailed instructions about building and installing OpenSSL. For some platforms, the installation instructions are amended by a platform specific document.

Specific notes on upgrading to OpenSSL 3.x from previous versions can be found in the ossl-guide-migration(7ossl) manual page.

Documentation

README Files

There are some README.md files in the top level of the source distribution containing additional information on specific topics.

The OpenSSL Guide

There are some tutorial and introductory pages on some important OpenSSL topics within the OpenSSL Guide.

Manual Pages

The manual pages for the master branch and all current stable releases are available online.

Demos

There are numerous source code demos for using various OpenSSL capabilities in the demos subfolder.

Wiki

There is a GitHub Wiki which is currently not very active.

License

OpenSSL is licensed under the Apache License 2.0, which means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill its conditions.

See the LICENSE.txt file for more details.

Support

There are various ways to get in touch. The correct channel depends on your requirement. See the SUPPORT file for more details.

Contributing

If you are interested and willing to contribute to the OpenSSL project, please take a look at the CONTRIBUTING file.

Legalities

A number of nations restrict the use or export of cryptography. If you are potentially subject to such restrictions, you should seek legal advice before attempting to develop or distribute cryptographic code.