Updates, insights, and news from the team behind the world's most widely used cryptographic library.

The IETF has been deciding whether to publish a document describing standalone ML-KEM in TLS 1.3. The argument is loud. Our position is not.
Read article
The people who write and maintain the world’s most widely used cryptographic library left the commit log behind, set up a stand at DevConf.cz, and spent two days answering the community’s hardest questions in person.

Sunshine, polar bears, a ribbon to cut, and a table buried in crayons. The company that secures most of the internet spent Saturday at Zoo Brno — and it was the best kind of family day out.

The people who maintain the world’s most widely used cryptographic library closed their laptops, came to Brno, and spent a week at one table at the Corporation’s main office. A field letter on what the week was for.

Notes from Excel@FIT 2026, and the wider Brno partnership that brought us to a fourteenth-century monastery on a perfectly ordinary morning in May.

Four days. A fresh 4.0 in hand, two talks at the podium, a Large Business Community convened for the first time, seventeen exhibitors in the hall.

Tomáš Vávra walks the room through post-quantum cryptography in the OpenSSL Library — ML-KEM, ML-DSA, SLH-DSA, three FIPS standards, fifteen interop providers.

Tim Hudson takes OpenSSL 4.0 to ICMC — the release that finally put SSL in the rearview, retired the ENGINE API after twenty-six years.

A field report from the OpenSSL Corporation team — somewhere between a cloudy runway view, a very stubborn booth panel, and the oldest saloon in Washington.
The final release of OpenSSL 4.0 is now live. We would like to thank all those who contributed to the OpenSSL 4.0 release, without whom the OpenSSL

A week-long face-to-face meeting in Australia with Bouncy Castle and cryptlib — strategy, project insights, and stronger cross-project relationships.
From February 23–27, 2026, we gathered in Kedesh-Haven, Australia, for a week-long face-to-face meeting with colleagues from Bouncy Castle and cryptlib.
The results of the 2026 Business and Technical Advisory Committees elections, following a three-week community voting period from February 2–20.

A new cooperation agreement with FI MU reinforcing secure and trustworthy cryptographic software, research, and education.

A year of targeted investment, expanded capacity, and increased engagement with the global OpenSSL community.

On January 31 and February 1, the OpenSSL Corporation participated in FOSDEM 2026 in Brussels, Belgium, with over 8,000 hackers and developers.

Voting for the 2026 Business and Technical Advisory Committees elections is now open.
The OpenSSL Corporation opens the 2026 Business and Technical Advisory Committees' elections, inviting the community to help shape the project's direction.
An online Q&A webinar on the 2026 Advisory Committee elections — how they work, who can stand, and how to take part.

The OpenSSL Corporation at IETF 124 in Montreal — standards work and conversations across the protocol community.

The OpenSSL Corporation at OpenAlt 2025 in Brno — talks and community across the open-source scene.
The inaugural OpenSSL Conference, held in Prague on October 7–9, brought the full community together in person for the first time — over 400 participants from 30+ countries.

Lightship Security and the OpenSSL Corporation announce the submission of OpenSSL 3.5.4 to the CMVP.

The OpenSSL Corporation is preparing its production code signing environment with Entrust nShield 5c network-attached Hardware Security Modules (HSMs).

Welcome Brno – Our Grand Opening Day The OpenSSL Corporation Celebrates New Office in Brno: A Hub for Innovation and Community Our new office in Brno,

The OpenSSL Corporation participated in a significant occasion, the Grand Reopening of the new Beringia enclosure at ZOO Brno. As the general sponsor of

Early Bird registration is now open for the inaugural OpenSSL Conference, taking place from October 7 to 9, 2025, in Prague, Czech Republic. Take

JOIN US FOR THE GRAND OPENING OF OUR NEW OFFICE IN BRNO The OpenSSL Corporation is opening a new office in Brno, Czech Republic, on Wednesday, August 20,
At the OpenSSL Corporation, we believe that security and privacy are fundamental human rights for everyone, everywhere. This belief does not end at the
NYC Tech Week 2025 brought together technology leaders, researchers, and policymakers across New York City for critical conversations shaping the future
DevConf.CZ 2025 in Brno (June 12 – 14) offered more than a platform for technical exchange — it served as a meaningful waypoint in the ongoing journey of
On May 27, the OpenSSL Corporation participated in Brno Libraries Day (Brno, Czech Republic), joining 26 Brno libraries at a vibrant event dedicated to
The OpenSSL Conference 2025 is extending its Call for Papers (CFP) deadline to June 22, 2025. We understand that the best proposals often come from teams
From May 14–16, the OpenSSL Corporation hosted a face-to-face working session in Brno, Czech Republic. The meeting was designed to bring together
The OpenSSL Corporation and the OpenSSL Foundation are launching the Distinguished Contributor Awards, a new programme formally recognising exceptional
Dates: October 7–9, 2025 Location: Prague, Czech Republic Submission Deadline: May 31, 2025 The OpenSSL Conference 2025 is accepting proposals for talks,
The OpenSSL Corporation and the OpenSSL Foundation certify the results of the Technical Advisory Committee (TAC) elections. After a thorough nomination
As RSA Conference 2025 concludes, we are reflecting on a week of meaningful dialogues about the future of cryptography and how the OpenSSL Library
Thank you to everyone who registered and to those who took the extra step to nominate candidates for the Technical Advisory Committees (TACs) of the
The ICMC 2025 gathering in Toronto brought together practitioners committed to advancing and maintaining cryptographic assurance through evolving
The nomination period for the Technical Advisory Committees (TACs) has been extended. The new deadline is Sunday, April 27, 2025. Take advantage of the
The final release of OpenSSL 3.5 is now live. We would like to thank all those who contributed to the OpenSSL 3.5 release, without whom the OpenSSL
The OpenSSL Corporation and the OpenSSL Foundation are pleased to announce the OpenSSL Conference 2025, taking place from October 7 to 9, 2025, in the
On March 24 and 25, 2025, we hosted two live Q&A sessions to discuss the formation and role of the new Technical Advisory Committees (TACs) concerning the
Thank you to everyone who registered and to those who went the extra mile to nominate candidates for the Technical Advisory Committees of the OpenSSL
At the OpenSSL Corporation, we are shaping the future of secure communication—and we are doing it from our growing base in Brno, Czech Republic. Our
The OpenSSL Corporation (primarily focused on commercial communities) and the OpenSSL Foundation (primarily focused on non-commercial communities) are
The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous
Understanding and effectively managing diverse personalities within an organization is crucial for fostering a harmonious and productive work environment.
The election for the OpenSSL Corporation Board of Directors has now concluded. All eligible members have cast their votes, and it is confirmed that Tim
At the OpenSSL Corporation, we understand the value of collaboration, and while remote work keeps us connected, nothing beats the energy of meeting in
The OpenSSL Corporation is announcing an election for its Board of Directors in February. Please visit our Corporation Members page at
We are pleased to present the OpenSSL Corporation Annual Report 2024, offering a comprehensive overview of our progress, key developments, and strategic
OpenSSL’s FIPS 140-3 module has progressed from the “Review Pending” phase to the “Coordination” phase on the NIST CMVP Modules-In-Process list. This
On January 13, 2025, OpenSSL Corporation hosted its inaugural Business Advisory Committee (BAC) meeting, marking a significant milestone in the project's
The anticipated future arrival of cryptographically relevant quantum computers (CRQCs), that could undermine the algorithms that underlie the currently
Upon certification of the election results by the Election Committee, the OpenSSL Foundation and the OpenSSL Corporation are pleased to announce the
Thank you to everyone who registered, as well as those who took the extra step to nominate candidates, for the Business Advisory Committees of the OpenSSL
Thank you to everyone who attended our Q&A sessions about the formation of Business Advisory Committees. We received valuable input from our communities,
To align with our mission, we have provisioned mirrors for our websites, hosted through our chosen CDN vendor: These mirrors are accessible in locations
The OpenSSL Foundation and the OpenSSL Corporation are pleased to announce the successful conclusion of the inaugural meeting with Bouncy Castle and
Thank you to everyone who registered, as well as to those who took the extra step to nominate candidates, for the Business Advisory Committees of the
Advance Your Skills in X.509 Certificate Management with OpenSSL Date: Nov 21, 2024 Time: 04:00 PM Eastern Time (US and Canada) Duration: 1 hour Location:
The OpenSSL Foundation (primarily focused on non-commercial communities) and the OpenSSL Corporation (primarily focused on commercial communities) are
The final release of OpenSSL 3.4 is now live. We would like to thank all those who contributed to the OpenSSL 3.4 release, without whom OpenSSL would not
OpenSSL 3.4 beta 1 has now been made available. Our beta releases are considered feature complete for the release, meaning that between now and the final
OpenSSL Corporation's participation as a Silver Sponsor at the International Cryptographic Module Conference (ICMC) 18th - 20th September 2024 marked an
OpenSSL is sharing Lightship Security's latest press release, highlighting the new partnership with the OpenSSL Corporation. Read the full release below:
Recently NIST published a number of post-quantum algorithm standards (ML-KEM, ML-DSA, and SLH-DSA). With these new NIST publications, OpenSSL is now
OpenSSL 3.4 alpha 1 has now been made available. Our Alpha releases are considered feature complete for the release, meaning that between now and the
Recently, OpenSSL proposed the deprecation of TLS 1.0/1.1 and solicited community feedback on the idea. Feedback on the proposal was generally split down
Debugging is a crucial aspect of developing and maintaining reliable software. However, debugging can become particularly challenging when applications
OpenSSL is pleased to announce its participation as a Silver Sponsor at the upcoming International Cryptographic Module Conference (ICMC) 2024, taking
The freeze date for OpenSSL 3.4 Alpha is rapidly approaching. Alpha freeze approaching The freeze date for OpenSSL 3.4 Alpha is rapidly approaching.
As part of our ongoing journey, OpenSSL is evolving to provide more opportunities for engagement that more effectively align with our mission statement
OpenSSL is hiring for a mid level engineer to join our team We are seeking a Software Engineer to join our team. As a Software Engineer at OpenSSL, you
This year, OpenSSL will be attending RSA Conference 2024, one of the world’s largest cybersecurity events. Throughout May 6-9 in San Francisco, we are
The OpenSSL Project has returned from spending a week in February sequestered in the beautiful Australian outback discussing the past, current, and future
We are pleased to announce that we have successfully distributed nearly 100 limited edition T-shirts commemorating the 25th anniversary of OpenSSL's
This year, we had the privilege of participating in FOSDEM for the first time. This offered us an opportunity to engage with the open source community at
As many of you are aware we have undergone a lot of internal organisation changes within the OpenSSL Project in the last couple of years, one of the key
On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST's [Cryptographic Module Validation Program] (CMVP). This in no way impacts our
We are thrilled to announce a major leap forward in our efforts to connect with the community and share valuable insights—OpenSSL now has its own YouTube
We are thrilled to announce a special celebration in honor of OpenSSL's 25th anniversary! Two and a half decades of commitment to security, reliability,
In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is crucial. The OpenSSL project has been at the forefront of
As you may know the OpenSSL Project recently attended ICMC 23 where we were given the opportunity to update our peers about the rapid fundamental changes
As a part of our mission to be more open and engaged with our community, OpenSSL is pleased to announce we will be attending the International
The OpenSSL Management Committee (OMC) represents the official voice of the project and is ultimately responsible for all decisions regarding management
OpenSSL 1.1.1 series has reached its End of Life (EOL). As such it will no longer receive publicly available security fixes. OpenSSL 1.1.1 was released on
This is the end of an era for OpenSSL with the last of the original founders of the project passing on the torch to the current leadership of the project
At OpenSSL, we're always learning and taking small steps, informed by both fresh ideas and the feedback we receive. Today, we'd like to share a couple of
We recently published our mission statement and values which included that our governance should be transparent. We've not really talked much about how
UPDATE: Please note this position has been filled. Job Description We are seeking a dynamic and innovative DevOps Engineer to join our team. This role
UPDATE: Please note this position has been filled. Job Description We are seeking a Software Engineer to join our team. As a Software Engineer at OpenSSL,
UPDATE: Please note this position has been filled. Job Description We are seeking a passionate, tech-savvy individual to act as a Community Engagement
For a meeting last week I wanted to show how much of OpenSSL is being written by people paid to do so by their employers, and how much was from
After extensive feedback from our communities, OpenSSL is pleased to announce that we have formally adopted the Mission and Values Statement, and will now
OpenSSL 1.1.1 series will reach End of Life (EOL) on 11th September 2023. Users of OpenSSL 1.1.1 should consider their options and plan any actions they
The OpenSSL project is pleased to announce that the first of the rebranded [FIPS 140-2] certificates, available exclusively to our Premium Support
OpenSSL would like to thank everyone who has provided feedback on our draft mission & values statement. The response has been great, and the feedback is
We are thrilled to announce that Anton Arapov has joined the OpenSSL team! Anton brings a wealth of experience to the project, having previously worked on
In February 2023, the OpenSSL project held a face-to-face meeting in Queensland, Australia, which was attended by most of the project's full-time
Following the successful OpenSSL 2023 face-to-face conference, OpenSSL has produced a draft mission & values statement. Once finalised, we intend to
We are thrilled to inform you that the complimentary FIPS rebranding service for our premium support customers has been extended. As part of this
UPDATE: Please note this position has been filled. UPDATE: The application period has been extended due to the Holiday Season. The OpenSSL Management
The OpenSSL Management Committee (OMC) on behalf of the OpenSSL Project is pleased to announce that the project is partnering with [KeyPair Consulting]
After 2 years of forced covid break, OpenSSL once again presented at the ICMC22 conference. The conference was a very pleasant meet-up of the community
OpenSSL is celebrating our FIPS 140-2 certification with a special offer for our Premium Support Customers by providing access to a free rebranding of the
The OpenSSL Management Committee on behalf of the OpenSSL Project is pleased to announce that the OpenSSL 3.0 FIPS Provider has had its FIPS 140-2
UPDATE: Please note this position has been filled. The OpenSSL Management Committee are looking to hire a full time Platform Engineer. This is a sysadmin
UPDATE: Please note this position has been filled. The OpenSSL Management Committee are looking to hire a full time Business Operations Administrator.
UPDATE: Please note these positions have been filled. The OpenSSL Management Committee are looking to hire a full time Developer and a full time Manager.
The OpenSSL Management Committee are looking to hire a full time Administrator and Manager. Details of the role follow. To apply please send your cover
We're planning to extend who we prenotify of any future High and Critical security issues. Last month we dealt with a High severity security vulnerability
We have previously talked about our plans for OpenSSL 3.0 and FIPS support here. This blog post will give an update about what has been happening since
At the Face to Face meeting held on the occasion of the ICMC19 Conference in Vancouver, a novelty was introduced: For the last day of the meeting all
As mentioned in a previous blog post, OpenSSL team members met with various representatives of the FIPS sponsor organisations back in September last year
20 years ago, on the 23rd December 1998, the first version of OpenSSL was released. OpenSSL was not the original name planned for the project but it was
The OpenSSL Management Committee has been looking at the versioning scheme that is currently in use. Over the years we've received plenty of feedback
The OpenSSL Management Committee (OMC) on behalf of the OpenSSL Project would like to formally express its thanks to the following organisations for
After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and
Back around the end of 2014 we posted our release strategy. This was the first time we defined support timelines for our releases, and added the concept
The following is a press release that we just put out about how finishing off our relicensing effort. For the impatient, please see
At the face to face last year we discussed future funding models, and we are exploring a range of possible options. One suggestion raised was we could
The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed
Today I have had great pleasure in attending the Real World Crypto 2018 conference in Zürich in order to receive the Levchin prize on behalf of the
Press Coverage There have been more articles written based on the interviews with Paul Yang from BaishanCloud, Tim Hudson, and Steve Marquess from the
We had been invited to spend time with the open source community in China by one of the developers - Paul Yang - who participates in the OpenSSL project.
Over the past few years we've come to the realisation that there is a surprising (to us) amount of interest in OpenSSL in China. That shouldn't have been
We've had a change in the stakeholder aspect of this new FIPS 140 validation effort. The original sponsor, SafeLogic, with whom we jump-started this
It's been almost a year since plans for a new FIPS 140 validation were first announced. Several factors have led to this long delay. For one, we chose to
The following is a press release that we just released, with the cooperation and financial support of the Core Infrastructure Initiative and the Linux
Last October, the OpenSSL Project team had a face to face meeting. We talked about many topics but one of them was that, in recent years, we have seen
The audit took place during 2015 in two phases while the OpenSSL project was working on the development of the (now released) 1.1.0 version. We chose to
This is another in the series of posts about decisions we made at our face-to-face meeting a couple of weeks ago. We updated the project roadmap. I think
The last post on this topic sounded a skeptical note on the prospects for a new FIPS 140 validated module for OpenSSL 1.1 and beyond. That post noted a
We've just added a new severity level called "critical severity" to our security policy. When we first introduced the policy, over a year ago, we just had
Some of you may have noticed that the upcoming 1.1 release doesn't include any FIPS support. That omission is not by choice; it was forced on us by
Over the last 10 years, OpenSSL has published advisories on over 100 vulnerabilities. Many more were likely silently fixed in the early days, but in the
The OpenSSL license is rather unique and idiosyncratic. It reflects views from when its predecessor, SSLeay, started twenty years ago. As a further