macOS
brew install libressllocal Homebrew formula metadata
sudo port install libresslMacPorts ports tree · security/libressl/Portfile · source: api.github.com
brew
Version of the SSL/TLS protocol forked from OpenSSL. Version 4.3.2 via Homebrew; verified 2026-07-05.
install
brew install libressllocal Homebrew formula metadata
sudo port install libresslMacPorts ports tree · security/libressl/Portfile · source: api.github.com
sudo apk add libresslAlpine Linux edge package indexes · libressl · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#libresslnixpkgs package indexes · pkgs/by-name/li/libressl/package.nix · source: api.github.com
sudo pacman -S libresslArch Linux sync databases · libressl · source: geo.mirror.pkgbuild.com
sudo zypper install libcrypto57openSUSE Tumbleweed package metadata · libcrypto57 · source: download.opensuse.org
sudo apt install libssl-devDebian stable package indexes · libssl-dev · source: deb.debian.org
sudo dnf install opensslFedora Rawhide package metadata · openssl · source: dl.fedoraproject.org
choco install opensslChocolatey community package catalog · openssl · source: community.chocolatey.org
scoop install main/opensslScoop official bucket manifest trees · bucket/openssl.json · source: api.github.com
winget install --id ShiningLight.OpenSSL.Dev -eWindows Package Manager source index · ShiningLight.OpenSSL.Dev · source: cdn.winget.microsoft.com
overview
Version of the SSL/TLS protocol forked from OpenSSL
history
LibreSSL is the OpenBSD project's fork of the OpenSSL TLS and crypto stack, started in 2014 with goals of modernization, auditability, security, and OpenBSD-style development practice. It ships libcrypto, libssl, libtls, and command-line utilities such as openssl and ocspcheck.
The official site describes LibreSSL as forked from OpenSSL in 2014, with primary development inside the OpenBSD source tree and regular portable repackaging for other operating systems. The portable repository states the fork point as OpenSSL 1.0.1g and explains that the GitHub project contains the build scaffold and compatibility layer for building OpenBSD's LibreSSL code outside OpenBSD.
The project goals are deliberately conservative: modernize the OpenSSL codebase, apply code review and frequent releases, remove obsolete or broken features and operating-system support, and encourage safer programming interfaces. The portable README also makes clear that LibreSSL is not ABI-compatible with OpenSSL and that API compatibility is limited by the projects' different priorities.
LibreSSL was adopted first as part of OpenBSD and then as a portable package for Linux, BSDs, macOS, Windows, and other systems. Its wider package-manager life has been shaped by a trade-off: users wanted a cleaned-up OpenSSL-compatible stack, but many large ecosystems remained tied to OpenSSL ABI/API expectations.
For Unix distributions and Homebrew, LibreSSL became a useful alternate TLS implementation and a source of the libtls API, while also serving as a practical stress test for software that claimed OpenSSL portability but depended on OpenSSL-specific behavior.
Packaged LibreSSL is used either by linking applications to libcrypto, libssl, or libtls, or through command-line tools such as openssl and ocspcheck. The release process tracks OpenBSD development: stable portable branches are derived from OpenBSD releases and receive security updates for a defined support window.
LibreSSL is package-nerd significant because it is a security fork with real downstream consequences. It forces maintainers to separate OpenSSL-the-API from OpenSSL-the-implementation, exposes accidental ABI assumptions, and gives package managers a second TLS stack whose release cadence is tied to OpenBSD rather than the OpenSSL project.
security posture
library-like package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/ssl/openssl.cnfexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
ocspcheck | cli | global executable | |
openssl | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:libressl |
|---|---|
| Version | 4.3.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/libressl |
| Homepage | https://www.libressl.org/ |
| Repository | https://github.com/libressl/portable |
| Upstream docs | https://github.com/libressl/portable#readme |
| License | OpenSSL |
| Source archive | https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.3.2.tar.gz |
| Last updated | 2026-07-05T04:22:04Z |
| Pulse | updated |
| Dependencies | ca-certificates |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | A CA file has been bootstrapped using certificates from the SystemRoots keychain. To add additional certificates (e.g. the certificates added in the System keychain), place .pem files in $HOMEBREW_PREFIX/etc/libressl/certs and run $HOMEBREW_PREFIX/opt/libressl/bin/openssl certhash $HOMEBREW_PREFIX/etc/libressl/certs |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | libressl |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | yes |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
libressl
nix profile install nixpkgs#libressllibressl 4.3.1-r0
Version of the TLS/crypto stack forked from OpenSSL
sudo apk add libressllibressl-dbg 4.3.1-r0
Version of the TLS/crypto stack forked from OpenSSL (debug symbols)
sudo apk add libressl-dbglibressl-dev 4.3.1-r0
Version of the TLS/crypto stack forked from OpenSSL (development files)
sudo apk add libressl-devlibressl-doc 4.3.1-r0
Version of the TLS/crypto stack forked from OpenSSL (documentation)
sudo apk add libressl-doclibressl-nc 4.3.1-r0
libressl TLS-enabled nc(1)
sudo apk add libressl-nclibressl-static 4.3.1-r0
Version of the TLS/crypto stack forked from OpenSSL (static library)
sudo apk add libressl-staticlibressl4.3-libcrypto 4.3.1-r0
libressl libcrypto library
sudo apk add libressl4.3-libcryptolibressl4.3-libssl 4.3.1-r0
libressl libssl library
sudo apk add libressl4.3-libssllibressl4.3-libtls 4.3.1-r0
libressl libtls library
sudo apk add libressl4.3-libtlslibressl 4.3.2-1
Free version of the TLS/crypto stack forked from OpenSSL
sudo pacman -S libressllibcrypto57 4.3.2-1.1
An SSL/TLS protocol implementation
sudo zypper install libcrypto57libressl 4.3.2-1.1
An SSL/TLS protocol implementation
sudo zypper install libressllibressl-devel 4.3.2-1.1
Development files for LibreSSL, an SSL/TLS protocol implementation
sudo zypper install libressl-devellibressl-devel-doc 4.3.2-1.1
Documentation for the LibreSSL API
sudo zypper install libressl-devel-doclibssl60 4.3.2-1.1
An SSL/TLS protocol implementation
sudo zypper install libssl60source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.