Downloads
The master sources are maintained in ourgit repository,which is accessible over the network and cloned on GitHub, athttps://github.com/openssl/openssl. Bugs and pull patches (issues andpull requests) should be filed on the GitHub repo. Please familiarizeyourself with thelicense.
The table below lists the latest releases for every branch. (For an explanationof the numbering, see ourrelease strategy.)All releases can be found at/source/old.
| Series | Filename | Size | Release | End-of-Life | Checksums |
|---|---|---|---|---|---|
| 3.5 [LTS] | openssl-3.5.1.tar.gz | 50.7MiB | 01 Jul 2025 | 08 Apr 2030 | (PGP sign) (SHA1) (SHA256) |
| 3.4 | openssl-3.4.2.tar.gz | 17.5MiB | 01 Jul 2025 | 22 Oct 2026 | (PGP sign) (SHA1) (SHA256) |
| 3.3 | openssl-3.3.4.tar.gz | 17.3MiB | 01 Jul 2025 | 09 Apr 2026 | (PGP sign) (SHA1) (SHA256) |
| 3.2 | openssl-3.2.5.tar.gz | 17.0MiB | 01 Jul 2025 | 23 Nov 2025 | (PGP sign) (SHA1) (SHA256) |
| 3.0 [LTS] | openssl-3.0.17.tar.gz | 14.6MiB | 01 Jul 2025 | 07 Sep 2026 | (PGP sign) (SHA1) (SHA256) |
Note: All versions not present above are out of support and should not beused. Users of those versions are encouraged to upgrade to the newestseries as soon as possible. Extended support for 1.1.1 and 1.0.2 to gainaccess to security fixes for those versions isavailable.
The following OpenSSL version(s) are FIPS validated:
| Version | Certificate | Security Policy | FIPS Version |
|---|---|---|---|
| 3.1.2 | certificate | security policy | FIPS 140-3 |
| 3.0.9 | certificate | security policy | FIPS 140-2 |
| 3.0.8 | certificate | security policy | FIPS 140-2 |
| 3.0.0 | certificate | security policy | FIPS 140-2 |
For a list of CVEs and their impact on validated FIPS providers, visit theCVEs and FIPS page.
Please follow the Security Policy instructions to download, build andinstall a validated OpenSSL FIPS provider.Other OpenSSL Releases MAY use the validated FIPS provider, butMUST NOT build and use their own FIPS provider. For example you can buildOpenSSL 3.4 and use the OpenSSL 3.0.9 FIPS provider with it.
Information about how to configure and use the FIPS provider in yourapplications is available on the FIPS module man page.You must also read the module security policy and follow the specificbuild and installation instructions included in it.
For an overview of some of the key concepts in OpenSSL 3.4 see theOpenSSL Guide.Much of the information in the guide is also applicable to older releases suchas 3.3, 3.2, 3.1 and 3.0 except for sections relating to new features only in3.4. Information and notes about migrating existing applications to OpenSSL3.4 (and 3.3/3.2/3.1/3.0) are available in theOpenSSL 3.4 MigrationGuide
When building a release for the first time, please make sure to look atthe INSTALL file in the distribution along with any NOTES fileapplicable to your platform. If you have problems, then join theopenssl-users email list and post aquestion there.
The current releases are signed by the OpenSSL key with fingerprintBA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF.
Some older releases are signed with a key with the fingerprint EFC0A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5.
Very old releases are signed with one of the keys available from theOTC page.
PGP keys used to sign the releases should primarly be retrieved from a keyserver, such as hkps://keys.openpgp.org. As an alternative, you maydownloadpubkeys.asc and import it with your PGP program.This alternative is especially useful if you want to verify an olderrelease, for which the signing key is now revoked and has disappeared fromthe key servers.
Each day we make a snapshot of each development branch. They can befound athttps://www.openssl.org/source/snapshot/. These dailysnapshots of the source tree are provided for convenience only and noteven guaranteed to compile. Note that keeping a git local repository andupdating it every 24 hours is equivalent and will often be faster andmore efficient.