OpenSSL

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping and that need to identify the party at the other end.

OpenSSL is available for most Unix-like operating systems (including Linux, macOS, and BSD), Microsoft Windows and OpenVMS.

The OpenSSL project was founded in 1998 to provide a free set of encryption tools for the code used on the Internet.

The initial founding members were Mark Cox, Ralf Engelschall, Stephen Henson, Ben Laurie, and Paul Sutton.

An early FIPS 140-2 certificate for OpenSSL's FOM 1.0 was revoked in July 2006 "when questions were raised about the validated module's interaction with outside software."

[66] OpenSSL 0.9.6k had a bug, discovered on November 4, 2003, in which certain ASN.1 sequences triggered a large number of recursions on Windows machines.

An attacker able to send arbitrarily large numbers of such ASN.1 sequences could therefore crash OpenSSL, a denial of service.
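The failure mode above is unbounded recursion driven by attacker-controlled nesting. The following is an added example, not OpenSSL's own parser: a minimal DER tag-length-value walker in C that refuses to descend past a fixed nesting limit (DER_MAX_DEPTH, a value chosen here for illustration) and rejects truncated or non-minimal lengths. The nested-SEQUENCE input it checks is constructed by build_nested_sequences, standing in for a hostile certificate or message; the error codes and helper names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DER_MAX_DEPTH 32   /* nesting limit chosen for this example, not OpenSSL's value */

enum { DER_OK = 0, DER_ERR_TRUNCATED = -1, DER_ERR_LENGTH = -2,
       DER_ERR_TAG = -3, DER_ERR_DEPTH = -4 };

/* Decode a DER length (short or long form, minimal encoding only).
 * Returns the number of bytes consumed or a negative DER_ERR_* code. */
static int der_read_length(const uint8_t *p, size_t avail, size_t *len_out) {
    if (avail < 1) return DER_ERR_TRUNCATED;
    uint8_t b = p[0];
    if (b < 0x80) { *len_out = b; return 1; }           /* short form */
    size_t n = b & 0x7f;
    if (n == 0 || n > 4) return DER_ERR_LENGTH;          /* indefinite form or absurd size */
    if (avail < 1 + n) return DER_ERR_TRUNCATED;
    if (p[1] == 0) return DER_ERR_LENGTH;                /* leading zero byte: not minimal */
    size_t len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[1 + i];
    if (len < 0x80) return DER_ERR_LENGTH;               /* should have used the short form */
    *len_out = len;
    return (int)(1 + n);
}

/* Walk a run of TLVs, descending into constructed types (SEQUENCE, SET, ...).
 * The depth check happens before any work, so the call stack is bounded. */
static int der_walk(const uint8_t *p, size_t n, int depth) {
    if (depth > DER_MAX_DEPTH) return DER_ERR_DEPTH;
    size_t off = 0;
    while (off < n) {
        uint8_t tag = p[off++];
        if ((tag & 0x1f) == 0x1f) return DER_ERR_TAG;    /* multi-byte tags not handled here */
        size_t len;
        int used = der_read_length(p + off, n - off, &len);
        if (used < 0) return used;
        off += (size_t)used;
        if (len > n - off) return DER_ERR_TRUNCATED;     /* value runs past its container */
        if ((tag & 0x20) && len > 0) {                   /* constructed with content: descend */
            int rc = der_walk(p + off, len, depth + 1);
            if (rc != DER_OK) return rc;
        }
        off += len;
    }
    return DER_OK;
}

/* Validate the structure of a DER buffer with bounded recursion. */
int der_check(const uint8_t *buf, size_t n) { return der_walk(buf, n, 1); }

/* --- constructed inputs for the demo --- */

static size_t der_put_length(size_t len, uint8_t *out) {
    if (len < 0x80)  { out[0] = (uint8_t)len; return 1; }
    if (len < 0x100) { out[0] = 0x81; out[1] = (uint8_t)len; return 2; }
    out[0] = 0x82; out[1] = (uint8_t)(len >> 8); out[2] = (uint8_t)len; return 3; /* < 64 KiB */
}

/* Produce `depth` nested SEQUENCEs around an empty innermost one: the attacker-style input. */
size_t build_nested_sequences(int depth, uint8_t *out, size_t cap) {
    size_t len = 0;
    for (int i = 0; i < depth; i++) {
        uint8_t hdr[4] = {0x30};                         /* SEQUENCE tag, then its length */
        size_t hlen = 1 + der_put_length(len, hdr + 1);
        if (len + hlen > cap) return 0;
        memmove(out + hlen, out, len);                   /* wrap the current body */
        memcpy(out, hdr, hlen);
        len += hlen;
    }
    return len;
}

/* Build `depth` nested SEQUENCEs and run the checker; returns the DER_* code. */
int check_nested(int depth) {
    uint8_t buf[4096];
    size_t n = build_nested_sequences(depth, buf, sizeof buf);
    return n ? der_check(buf, n) : DER_ERR_LENGTH;
}

/* Constructed sample: a SEQUENCE that claims 5 bytes of content but carries only 2. */
static const uint8_t truncated_sample[] = { 0x30, 0x05, 0x02, 0x01 };

int main(void) {
    printf("depth 10:  %d\n", check_nested(10));
    printf("depth 500: %d\n", check_nested(500));
    printf("truncated: %d\n", der_check(truncated_sample, sizeof truncated_sample));
    return 0;
}
```

The limit is enforced on entry to der_walk, so a 500-deep input costs at most DER_MAX_DEPTH stack frames before it is rejected, whichever thread or platform stack size is in play.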

[67] When using Basic Input/Output (BIO)[68] or FILE-based functions to read untrusted DER-format data, OpenSSL was vulnerable.

[69] In handling CBC cipher suites in SSL, TLS, and DTLS, OpenSSL was found to be vulnerable to a timing attack during MAC processing.
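The timing leak in CBC record processing comes from doing an amount of work that depends on the padding byte, which the attacker steers through the ciphertext. The following is an added example, not OpenSSL's code: it contrasts a leaky check (early returns before any MAC work, and a MAC computed over a padding-dependent length) with a hardened check that scans a fixed padding window, copies the MAC out with masks rather than a secret index, and tops up with dummy compression calls so the work depends only on the public record length. The "MAC" is a deliberately non-cryptographic toy whose only purpose is to make compression calls countable; MAC_LEN, the key, the record contents and the hardening shape are this example's assumptions, simplified from the general approach rather than a transcription of the real fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN    4    /* toy MAC width (assumption for this example; TLS MACs are longer) */
#define BLOCK      64   /* block size of the toy hash, as in SHA-1/SHA-256 */
#define PAD_WINDOW 256  /* largest TLS padding-length byte + 1 */

/* One toy "compression function" call. Not cryptographic; it exists so calls can be counted. */
static uint32_t toy_compress(uint32_t h, const uint8_t blk[BLOCK], size_t *work) {
    for (size_t i = 0; i < BLOCK; i++) h = (h ^ blk[i]) * 16777619u;
    (*work)++;
    return h;
}

/* MD-style toy MAC: len/BLOCK full blocks plus one final block, so work depends on len. */
static uint32_t toy_mac(uint32_t key, const uint8_t *d, size_t len, size_t *work) {
    uint32_t h = 2166136261u ^ key;
    uint8_t blk[BLOCK] = {0};
    size_t full = len / BLOCK;
    for (size_t b = 0; b < full; b++) h = toy_compress(h, d + b * BLOCK, work);
    memcpy(blk, d + full * BLOCK, len - full * BLOCK);
    return toy_compress(h, blk, work) ^ (uint32_t)len;
}

/* All-ones if a <= b, else zero, with no data-dependent branch (a, b < SIZE_MAX/2). */
static size_t ct_le(size_t a, size_t b) {
    return (size_t)0 - ((a - b - 1) >> (sizeof(size_t) * 8 - 1));
}
static size_t ct_eq(size_t a, size_t b) { return ct_le(a, b) & ct_le(b, a); }

/* Leaky shape: early returns and the amount of MAC work both depend on the padding byte. */
int cbc_check_leaky(uint32_t key, const uint8_t *rec, size_t rec_len, size_t *work) {
    *work = 0;
    if (rec_len < MAC_LEN + 1) return 0;
    uint8_t padlen = rec[rec_len - 1];
    if ((size_t)padlen + MAC_LEN + 1 > rec_len) return 0;     /* rejected with zero MAC work */
    for (size_t i = 0; i <= padlen; i++)
        if (rec[rec_len - 1 - i] != padlen) return 0;         /* rejected with zero MAC work */
    size_t data_len = rec_len - MAC_LEN - 1 - padlen;
    uint32_t expect = toy_mac(key, rec, data_len, work);      /* fewer blocks as padlen grows */
    uint32_t got;
    memcpy(&got, rec + data_len, MAC_LEN);
    return expect == got;
}

/* Hardened shape: fixed scan window, masked checks, masked MAC copy, constant total work. */
int cbc_check_hardened(uint32_t key, const uint8_t *rec, size_t rec_len, size_t *work) {
    *work = 0;
    if (rec_len < MAC_LEN + 1) return 0;                      /* rec_len is public */
    size_t max_pad = rec_len - MAC_LEN - 1;
    size_t padlen = rec[rec_len - 1];
    size_t fits = ct_le(padlen, max_pad);
    size_t eff_pad = padlen & fits;                           /* 0 when padlen cannot fit */
    size_t bad = ~fits;
    for (size_t i = 0; i < PAD_WINDOW; i++) {                 /* always scan the full window */
        size_t pos = rec_len - 1 - (i < rec_len ? i : 0);     /* depends only on public values */
        bad |= ct_le(i, eff_pad) & (size_t)(rec[pos] ^ (uint8_t)padlen);
    }
    size_t data_len = max_pad - eff_pad;
    uint32_t expect = toy_mac(key, rec, data_len, work);
    uint8_t zero[BLOCK] = {0};
    uint32_t sink = 0;
    while (*work < max_pad / BLOCK + 1)                       /* top up to the worst case */
        sink = toy_compress(sink, zero, work);
    uint8_t got[MAC_LEN] = {0}, exp[MAC_LEN];
    for (size_t i = 0; i <= max_pad; i++) {                   /* masked copy of the MAC */
        uint8_t sel = (uint8_t)ct_eq(i, data_len);
        for (size_t k = 0; k < MAC_LEN; k++) got[k] |= rec[i + k] & sel;
    }
    memcpy(exp, &expect, MAC_LEN);
    for (size_t k = 0; k < MAC_LEN; k++) bad |= (size_t)(got[k] ^ exp[k]);
    return bad == 0;
}

/* Demo helper: build a "decrypted" record (constructed data, toy MAC, padlen+1 padding bytes),
 * optionally overwrite the final length byte, run one check and report its work count. */
int run_check(int hardened, size_t data_len, uint8_t padlen, int override_last, size_t *work) {
    uint8_t rec[512] = {0};
    const uint32_t key = 0x5eed5eed;                          /* constructed demo key */
    size_t w = 0;
    for (size_t i = 0; i < data_len; i++) rec[i] = (uint8_t)(i * 31 + 7);
    uint32_t mac = toy_mac(key, rec, data_len, &w);
    memcpy(rec + data_len, &mac, MAC_LEN);
    memset(rec + data_len + MAC_LEN, padlen, (size_t)padlen + 1);
    size_t rec_len = data_len + MAC_LEN + padlen + 1;
    if (override_last >= 0) rec[rec_len - 1] = (uint8_t)override_last;
    return hardened ? cbc_check_hardened(key, rec, rec_len, work)
                    : cbc_check_leaky(key, rec, rec_len, work);
}

int main(void) {
    size_t w;
    for (int h = 0; h < 2; h++) {
        printf("%s: pad 0 -> ok=%d work=%zu", h ? "hardened" : "leaky", run_check(h, 70, 0, -1, &w), w);
        printf(", pad 20 -> ok=%d work=%zu", run_check(h, 50, 20, -1, &w), w);
        printf(", bad pad -> ok=%d work=%zu\n", run_check(h, 50, 20, 200, &w), w);
    }
    return 0;
}
```

All three records are 75 bytes long; only the leaky check's work count changes with the padding byte, which is exactly the signal the attack measures.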

OpenSSL's pseudo-random number generator acquires entropy using complex programming methods.

To keep the Valgrind analysis tool from issuing associated warnings, a maintainer of the Debian distribution applied a patch to Debian's variant of the OpenSSL suite that inadvertently broke its random number generator: with the flagged entropy inputs removed, the process ID was effectively the only seed left, limiting the number of distinct private keys it could generate to 32,768.

[77] This could allow attackers to decrypt earlier eavesdropped communications if the encryption protocol used does not ensure perfect forward secrecy.

[78] At its disclosure on April 7, 2014, around 17%, or half a million, of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack.

A remote unauthenticated attacker could exploit this vulnerability by using a specially crafted handshake to force the use of weak keying material.

Successful exploitation could lead to a security bypass in which an attacker gains access to potentially sensitive information.

If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a null-pointer dereference occurs in the server, crashing it.

A Stanford security researcher, David Ramos, had a private exploit and presented it to the OpenSSL team, which then patched the issue.

[93] In September 2020, AWS-LC was released as a general-purpose cryptographic library maintained by the Amazon Web Services Cryptography team for use in the AWS cloud computing platform.

The shortened support period of version 1.1.1 mentioned above raises further concerns for users whose workloads are performance-sensitive.

[117] While some discussion started the same day, it quickly stalled: it was first blocked on license considerations,[117] then kept on hold even after those concerns were cleared.

Finally, 10 months later, the OpenSSL Management Committee announced in a blog post[118] that this patch set would not be adopted for 3.0, out of concern that the API would change over time.

More than a year after the planned release of 3.0, which still had not shipped, a team of volunteers from Akamai and Microsoft forked the project as QuicTLS[119] and maintained these patches on top of the OpenSSL code in order to unblock QUIC development.

As of 25 February 2023, there was still no QUIC-compatible, long-term-supported TLS library available by default in operating systems without end users rebuilding it from source themselves.

A logo representing the Heartbleed bug