OpenSSL: the open source cryptography protecting the internet

From SSLeay to OpenSSL: SSL/TLS implementation, X.509 certificates, symmetric and asymmetric cryptography for HTTPS, SMTPS and IMAPS.


From SSLeay to OpenSSL

The history of OpenSSL begins in 1995, when Eric Young and Tim Hudson, two Australian developers, created SSLeay, an Open Source cryptographic library implementing the SSL (Secure Sockets Layer) protocol. The name is a play on words: SSL + Eric A. Young. SSLeay was born as a free alternative to commercial SSL implementations, at a time when cryptography was still subject to strict US export restrictions.

In 1998, after Young and Hudson left the project to work at RSA Security, a group of developers founded the OpenSSL project as a fork of SSLeay, with the goal of maintaining and evolving the library under an Open Source licence.

What OpenSSL does

OpenSSL is a full-featured cryptographic toolkit that implements the SSL v2/v3 and TLS 1.0 (Transport Layer Security, the successor to SSL) protocols, along with a general-purpose cryptographic library. Its main capabilities include:

  • Symmetric cryptography: algorithms such as AES, 3DES, Blowfish, RC4 for data encryption
  • Asymmetric cryptography: RSA, DSA, Diffie-Hellman for key exchange and digital signatures
  • Hash functions: MD5, SHA-1, SHA-256 for data integrity
  • X.509 certificates: generation, management and verification of digital certificates
  • Command-line tools: a CLI for generating keys, creating certificates, testing SSL/TLS connections
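
The capabilities listed above, exercised through the command-line tool. This is an added example, not code from the OpenSSL project; it assumes OpenSSL 1.1.1 or later on the PATH (needed for `-pbkdf2`), and the file names, subject name and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, CN and passphrase are constructed for this demo.
demo_dir=$(mktemp -d)

# Asymmetric + X.509: new RSA key and a self-signed certificate valid 1 day.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo.example" \
        -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
}

# Certificate verification: a self-signed cert chains only to itself.
verify_cert() {
    openssl verify -CAfile "$demo_dir/cert.pem" "$demo_dir/cert.pem" >/dev/null 2>&1
}

# Hash function: hex SHA-256 of the first argument.
sha256_hex() {
    printf '%s' "$1" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Symmetric cryptography: AES-256-CBC encrypt then decrypt ($1 text, $2 passphrase).
# pass: on the command line is visible in the process list; prefer file: or env:.
aes_roundtrip() {
    printf '%s' "$1" | openssl enc -aes-256-cbc -pbkdf2 -pass "pass:$2" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$2"
}

# Digital signature: sign file $1 with the private key, writing $1.sig.
sign_file() {
    openssl dgst -sha256 -sign "$demo_dir/key.pem" -out "$1.sig" "$1"
}

# Verify $1 against $1.sig using the public key extracted from the certificate.
verify_file() {
    openssl x509 -in "$demo_dir/cert.pem" -noout -pubkey > "$demo_dir/pub.pem"
    openssl dgst -sha256 -verify "$demo_dir/pub.pem" -signature "$1.sig" "$1" >/dev/null 2>&1
}

make_cert && verify_cert && echo "certificate verifies against itself"
openssl x509 -in "$demo_dir/cert.pem" -noout -subject -enddate
echo "sha256(abc) = $(sha256_hex abc)"
echo "AES round trip: $(aes_roundtrip 'constructed plaintext' 'demo-passphrase')"
printf 'constructed message' > "$demo_dir/msg"
sign_file "$demo_dir/msg" && verify_file "$demo_dir/msg" && echo "signature OK"
printf ' tampered' >> "$demo_dir/msg"
verify_file "$demo_dir/msg" || echo "modified message rejected"
```

The last two lines show the integrity property of a signature: once the signed file changes, verification with the certificate's public key fails.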

The invisible infrastructure

OpenSSL is the library that makes secure internet communication possible in its current form. When a browser establishes an HTTPS connection, in most cases the server uses OpenSSL to negotiate the encrypted session. The same applies to secure mail protocols — SMTPS, IMAPS, POP3S — and to any service requiring TLS.

Apache with mod_ssl, the most widely deployed web server, depends directly on OpenSSL. The same is true for OpenSSH, which uses the library for its cryptographic primitives. LDAP servers, VPN servers, custom applications: the dependency chain is pervasive.

The critical project paradox

OpenSSL represents an emblematic case in the Open Source ecosystem: a critical infrastructure component on which the security of millions of servers depends, maintained by a small team of volunteers with limited resources. The complexity of the codebase — which inherits architectural decisions from SSLeay — and the sensitivity of the cryptographic domain make maintenance particularly demanding.

Despite this, OpenSSL remains the default choice for server-side cryptography on virtually every Unix and Linux platform, an invisible but essential building block of internet infrastructure.
