Downloads
The master sources are maintained in our git repository, which is accessible on GitHub. Please submit bugs via a GitHub issue. If you would like to make a contribution, see “How to Contribute to OpenSSL. Since 3.0, the OpenSSL Library has been released under an Apache License v2. To support us financially, make a gift to the OpenSSL Foundation.
The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old.
| Series | Filename | Size | Release | End-of-Life | Checksums |
|---|---|---|---|---|---|
| 4.0 | openssl-4.0.1.tar.gz | 52.5MiB | 09 Jun 2026 | 14 May 2027 | (PGP) (SHA1) (SHA256) |
| 3.6 | openssl-3.6.3.tar.gz | 52.4MiB | 09 Jun 2026 | 01 Nov 2026 | (PGP) (SHA1) (SHA256) |
| 3.5 [LTS] | openssl-3.5.7.tar.gz | 50.7MiB | 09 Jun 2026 | 08 Apr 2030 | (PGP) (SHA1) (SHA256) |
| 3.4 | openssl-3.4.6.tar.gz | 17.5MiB | 09 Jun 2026 | 22 Oct 2026 | (PGP) (SHA1) (SHA256) |
| 3.0 [LTS] | openssl-3.0.21.tar.gz | 14.6MiB | 09 Jun 2026 | 07 Sep 2026 | (PGP) (SHA1) (SHA256) |
Note: All versions not present above are out of support and should not be used. Users of those versions are encouraged to upgrade to the newest series as soon as possible. Extended support for 1.1.1 and 1.0.2, providing continued access to security fixes is available from the OpenSSL Corporation.
The following OpenSSL version(s) are FIPS validated:
| Version | Certificate | Security Policy | FIPS Version |
|---|---|---|---|
| 3.1.2 | certificate | security policy | FIPS 140-3 |
| 3.0.9 | certificate | security policy | FIPS 140-2 |
| 3.0.8 | certificate | security policy | FIPS 140-2 |
| 3.0.0 | certificate | security policy | FIPS 140-2 |
For a list of CVEs and their impact on validated FIPS providers, visit the CVEs and FIPS page.
Please follow the Security Policy instructions to download, build and install a validated OpenSSL FIPS provider. Other OpenSSL Releases MAY use the validated FIPS provider, but MUST NOT build and use their own FIPS provider. For example you can build OpenSSL 3.4 and use the OpenSSL 3.0.9 FIPS provider with it.
Information about how to configure and use the FIPS provider in your applications is available on the FIPS module man page. You must also read the module security policy and follow the specific build and installation instructions included in it.
For an overview of some of the key concepts in OpenSSL 3.4 see the OpenSSL Guide. Much of the information in the guide is also applicable to older releases such as 3.3, 3.2, 3.1 and 3.0 except for sections relating to new features only in 3.4. Information and notes about migrating existing applications to OpenSSL 3.4 (and 3.3/3.2/3.1/3.0) are available in the OpenSSL 3.4 Migration Guide
When building a release for the first time, please make sure to look at the INSTALL file in the distribution along with any NOTES file applicable to your platform. If you have problems, then join the openssl-users email list and post a question there.
The current releases are signed by the OpenSSL signing certificate whose primary key has the fingerprint B146 647E 45A7 B339 47AB 226B 2A2C 87D1 6169 2D40. Signatures are produced by the current signing subkey of this certificate, which is certified by the primary key. This fingerprint is the canonical trust anchor for verifying OpenSSL Library release artifacts.
Earlier releases were signed by the OpenSSL key with fingerprint BA54 73A2
B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF. That key has been retired but
remains published so that those releases can still be verified. It has also cross-certified the new signing certificate
above: if you already trust the BA54 key, import pubkeys.asc
and run gpg --check-sigs B146647E45A7B33947AB226B2A2C87D161692D40 to confirm
the new certificate is genuine without re-checking its fingerprint by hand.
This cross-certification is carried in pubkeys.asc but not on the key servers,
which strip third-party signatures.
Some older releases are signed with a key with the fingerprint EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5.
Very old releases are signed with one of the keys listed in fingerprints.txt.
The signing certificates are published both on this OpenSSL Library website, as pubkeys.asc, and on the key server hkps://keys.openpgp.org. The copy on this website is authoritative: where the key server and this website disagree, this website takes precedence. We recommend downloading pubkeys.asc and importing it with your PGP program — it is also the more complete copy, retaining cross-certifications and the revoked or superseded keys that the key server drops, which makes it especially useful for verifying an older release whose signing key is now revoked or has disappeared from the key servers.
Each day we make a snapshot of each development branch. They can be found at https://www.openssl.org/source/snapshot/. These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile. Note that keeping a git local repository and updating it every 24 hours is equivalent and will often be faster and more efficient.
- Downloads
- Git Repository
- License
- Top of Downloads