Miscellaneous
* Which is the current version of OpenSSL?
The current version is available from @@@https://www.openssl.org@@@.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at
@@@https://www.openssl.org/source/snapshot/@@@,
or get it by anonymous Git access.
* Where is the documentation?
OpenSSL is a library that provides cryptographic functionality to
applications such as secure web servers. Be sure to read the
documentation of the application you want to use. The INSTALL file
explains how to install this library.
OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions. It is described in the openssl(1)
manpage. Documentation for developers is currently being written. Many
manual pages are available; overviews of libcrypto and
libssl are given in the crypto(7) and
ssl(7) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
@@@https://www.openssl.org/docs/@@@. Note that the online documents refer
to the very latest development versions of OpenSSL and may include features
not present in released versions. If in doubt refer to the documentation
that came with the version of OpenSSL you are using. The pod format
documentation is included in each OpenSSL distribution under the docs
directory.
* How can I contact the OpenSSL developers?
The README file describes how to submit bug reports and patches to
OpenSSL. Information on the OpenSSL mailing lists is available from
@@@https://www.openssl.org/community/mailinglists.html@@@.
* Where can I get a compiled version of OpenSSL?
You can finder pointers to binary distributions in
@@@https://www.openssl.org/community/binaries.html@@@ .
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to build OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
A number of Linux and *BSD distributions include OpenSSL.
* Why aren't tools like 'autoconf' and 'libtool' or 'cmake' used?
A number of these tools are great and wonderful, but are usually
centered around one or a few platforms. 'autoconf' and 'libtool' are
Unix centric. 'cmake' is a bit more widely spread, but not enough to
cover the platforms we support.
For OpenSSL 1.1, we decided to base our build system on perl,
information files and build file (Makefile) templates, thereby
covering all the systems we support. Perl was the base language of
choice because we already use it in diverse scripts, and it's one of
the most widely spread scripting languages.
* What is an 'engine' version?
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 the changes were merged into the main development line,
so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
We provide PGP signatures and a variety of digests on each release.
For example, one of the following might work on your system:
sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1
sha256sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha256
You can check authenticity using pgp or gpg. You need the OpenSSL OMC
member public key used to sign it (download it from a key server or see a
list of keys at @@@https://www.openssl.org/community/omc.html@@@). Then
just do:
pgp TARBALL.asc
* How does the versioning scheme work?
After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
releases (e.g. 1.0.1a) can only contain bug and security fixes and no
new features. Minor releases change the last number (e.g. 1.0.2) and
can contain new features that retain binary compatibility. Changes to
the middle number are considered major releases and neither source nor
binary compatibility is guaranteed.
Therefore the answer to the common question "when will feature X be
backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
in the next minor release.
* What happens when the letter release reaches z?
It was decided after the release of OpenSSL 0.9.8y the next version should
be 0.9.8za then 0.9.8zb and so on.
The current version is available from @@@https://www.openssl.org@@@.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at
@@@https://www.openssl.org/source/snapshot/@@@, or get
it by anonymous Git access.
* Where is the documentation?
OpenSSL is a library that provides cryptographic functionality to
applications such as secure web servers. Be sure to read the
documentation of the application you want to use. The INSTALL file
explains how to install this library.
OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions. It is described in the openssl(1)
manpage. Documentation for developers is currently being written. Many
manual pages are available; overviews over libcrypto and
libssl are given in the crypto(7)
and ssl(7) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
@@@https://www.openssl.org/docs/@@@. Note that the online documents refer
to the very latest development versions of OpenSSL and may include features
not present in released versions. If in doubt refer to the documentation
that came with the version of OpenSSL you are using. The pod format
documentation is included in each OpenSSL distribution under the docs
directory.
* How can I contact the OpenSSL developers?
The README file describes how to submit bug reports and patches to
OpenSSL. Information on the OpenSSL mailing lists is available from
@@@https://www.openssl.org/community/mailinglists.html@@@.
* Where can I get a compiled version of OpenSSL?
You can finder pointers to binary distributions in
@@@https://www.openssl.org/community/binaries.html@@@.
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to build OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
A number of Linux and *BSD distributions include OpenSSL.
* Why aren't tools like 'autoconf' and 'libtool' or 'cmake' used?
A number of these tools are great and wonderful, but are usually
centered around one or a few platforms. 'autoconf' and 'libtool' are
Unix centric. 'cmake' is a bit more widely spread, but not enough to
cover the platforms we support.
For OpenSSL 1.1, we decided to base our build system on perl,
information files and build file (Makefile) templates, thereby
covering all the systems we support. Perl was the base language of
choice because we already use it in diverse scripts, and it's one of
the most widely spread scripting languages.
* What is an 'engine' version?
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 the changes were merged into the main development line,
so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
We provide PGP signatures and a variety of digests on each release.
For example, one of the following might work on your system:
sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1
sha256sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha256
You can check authenticity using pgp or gpg. You need the OpenSSL OMC
member public key used to sign it (download it from a key server or see a
list of keys at @@@https://www.openssl.org/community/omc.html@@@). Then
just do:
pgp TARBALL.asc
* How does the versioning scheme work?
After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
releases (e.g. 1.0.1a) can only contain bug and security fixes and no
new features. Minor releases change the last number (e.g. 1.0.2) and
can contain new features that retain binary compatibility. Changes to
the middle number are considered major releases and neither source nor
binary compatibility is guaranteed.
Therefore the answer to the common question "when will feature X be
backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
in the next minor release.
* What happens when the letter release reaches z?
It was decided after the release of OpenSSL 0.9.8y the next version should
be 0.9.8za then 0.9.8zb and so on.