OpenSSL: Here’s What You Need To Know About SSL and TLS Now.

Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more

OpenSSL is a software library that implements the SSL (secure sockets layer) and TLS (transport layer security) web security protocols.

SSL and TLS are methods for using cryptography to secure communication between two parties. Although there are some important differences at a technical level (and SSL has largely been made obsolete in favor of the more secure TLS), they both work essentially the same way. (In fact, many people simply refer to both protocols as "SSL".)

The following description of how SSL/TLS works is very simplified, but it gives you a basic understanding of what is going on:

  • Once a connection is made between a client and server, the client requests a secure connection. It requests information about what types of cryptographic security the client supports.
  • The server chooses the most secure option that both the server and client support, and then sends a security certificate signed with the server's public key.
  • The client verifies the certificate and generates a secret key to send to the server, encrypted with the server's public key.
  • The client and server use the secret key to generate a pair of symmetric keys (or two pairs of public-private keys), and communication commences securely.

SSL/TLS is not a piece of software or a technology — it is a protocol, a procedure for accomplishing the above series of steps, along with specific cryptographic algorithms. A piece of software (an "implementation") is needed to implement the protocol.

OpenSSL is the most popular SSL/TLS implementation currently in use.

OpenSSL Tutorials

OpenSSL Tools

  • The openssl library source code is available from the official GitHub repository.
  • Openssl-tools is a set of shell scripts for making openssl easier to use.
  • SSL Checker can help you diagnose problems with your OpenSSL installation. Just enter a domain name, and the tool provides details on the associated certificate.
  • OpenSSL CSR Tool will auto-generate a customer CSR (certificate signing request) based on your input parameters.
  • Win32 OpenSSL is a distribution of OpenSSL designed to be easy to install on Windows machines.
  • CSR Decoder will check your CSR (certificate signing request), decode the details, and provide a report to you of the CSR's contents.

OpenSSL Community

Alternatives to OpenSSL

OpenSSL is one of the most popular SSL/TLS libraries for server-side web security, and it serves as the default "reference implementation" for the SSL protocol. But it isn't the only option available.

  • LibreSSL is a fork of OpenSSL with the goals of "modernizing the codebase, improving security, and applying best practice development processes."
  • NSS is a set of security libraries from Mozilla. They are used in the Firefox and Chrome browsers, as well as by Red Hat and AOL. NSS works well with the Apache server.
  • BoringSSL is Google's fork of OpenSSL. It is available for public use under an open source license, but there is no guarantee of API stability as it is not built with consumers in mind.
  • S2n is Amazon's implementation of just the TLS security library from the OpenSSL project, excluding all the additional crypto tools.
  • GnuTLS is a SSL/TLS library from the GNU project.

How to Stay Secure with OpenSSL

The most important thing to know about OpenSSL is that it isn't perfect and never will be. That is the case with any software project, especially one dealing with cryptographic security.

The one thing that you can do to best ensure your websites are safe is to keep your OpenSSL installation up to date. Subscribe to the OpenSSL newslog, and be sure to upgrade anytime there is a new release.

If you don't think you have the resources or wherewithal to keep your OpenSSL installation up to date, consider using a managed hosting service where these concerns are taken care of for you.

web hosting coupon

Looking for a great deal on secure hosting?
SiteGround — rated #1 by our readers — provides free SSL certificates and advanced security. We've arranged for you to save up to 67% on these popular plans. Use this exclusive discount link to get the deal.

Further Reading and Resources

We have more guides, tutorials, and infographics related to programming and computer use:

Unix Programming Resources

There are a lot of aspects of computer programming, and we have a great place for you to start learning: Unix Programming Resources.

Adam Michael Wood

About Adam Michael Wood

Adam specializes in developer documentation and tutorials. In addition to his writing here, he has authored engineering guides and other long-form technical manuals. Outside of work, Adam composes and performs liturgical music. He lives with his wife and children in California.


Thanks for your comment. It will show here once it has been approved.

Your email address will not be published. Required fields are marked *