# Install openssl@3.0 with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper

Cryptography and SSL/TLS Toolkit. Version 3.0.21 via Homebrew; verified 2026-07-06.

## Install

```sh
sudo av install brew:openssl@3.0
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install openssl@3.0
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install openssl
```

  Evidence: MacPorts ports tree: devel/openssl/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add libcrypto3
```

  Evidence: Alpine Linux edge package indexes: libcrypto3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install libssl-dev
```

  Evidence: Debian stable package indexes: libssl-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install openssl
```

  Evidence: Fedora Rawhide package metadata: openssl from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#openssl
```

  Evidence: nixpkgs package indexes: openssl from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

- pacman (92%):

```sh
sudo pacman -S openssl
```

  Evidence: Arch Linux sync databases: openssl from https://geo.mirror.pkgbuild.com/core/os/x86_64/core.db.tar.gz

- zypper (92%):

```sh
sudo zypper install libopenssl-devel
```

  Evidence: openSUSE Tumbleweed package metadata: libopenssl-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install openssl
```

  Evidence: Chocolatey community package catalog: openssl from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','openssh'

- Scoop (92%):

```sh
scoop install main/openssl
```

  Evidence: Scoop official bucket manifest trees: bucket/openssl.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id ShiningLight.OpenSSL.Dev -e
```

  Evidence: Windows Package Manager source index: ShiningLight.OpenSSL.Dev from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:openssl@3.0
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/openssl@3.0>
- **Version:** 3.0.21
- **Source summary:** Cryptography and SSL/TLS Toolkit
- **Homepage:** <https://openssl-library.org>
- **Repository:** <https://github.com/openssl/openssl>
- **Upstream docs:** <https://docs.openssl.org/3.0>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/openssl/openssl/releases/download/openssl-3.0.21/openssl-3.0.21.tar.gz>
- **Last updated:** 2026-07-06T03:08:48Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Dependencies

- ca-certificates

## Install behavior

- Post-install hook: not defined
- Caveats: A CA file has been bootstrapped using certificates from the system keychain. To add additional certificates, place .pem files in $HOMEBREW_PREFIX/etc/openssl@3.0/certs and run $HOMEBREW_PREFIX/opt/openssl@3.0/bin/c_rehash
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.0.21
- Package-manager updated: 2026-07-06
- Local data: ok
- Upstream repository: https://github.com/openssl/openssl
- info: No cached GitHub release or tag data was available.
## Project history and usage

OpenSSL 3.0 is the first OpenSSL 3 major-release line: a TLS, SSL, and general-purpose cryptography toolkit with a command-line program, libssl, libcrypto, providers, and an Apache-2.0 license. Homebrew's `openssl@3.0` formula packages the 3.0 long-lived branch separately for software that must stay on that ABI and behavior profile.

### Project history

OpenSSL traces back to SSLeay, the open-source SSL library by Eric A. Young and Tim J. Hudson. In December 1998, after Young and Hudson moved to RSA and SSLeay's future became uncertain, Mark Cox, Ralf Engelschall, Stephen Henson, Ben Laurie, and Paul Sutton organized a successor project, changed the planned name from OpenTLS to OpenSSL, and released OpenSSL 0.9.1c on December 23, 1998.

For two decades OpenSSL became a central TLS and cryptography dependency for web servers, language runtimes, package managers, mail software, VPNs, databases, and countless command-line workflows. The 2014 Heartbleed vulnerability exposed how much internet infrastructure depended on a small maintenance team and led to governance, funding, and foundation changes around the project.

OpenSSL 3.0, released on September 7, 2021, was a major architectural and licensing reset. The migration guide highlights the switch from the dual OpenSSL/SSLeay licenses to Apache License 2.0, the provider model for algorithm implementations, FIPS provider support, and formal deprecation of many low-level cryptographic APIs in favor of high-level EVP APIs.

### Adoption history

OpenSSL 3.0 became the compatibility anchor for the OpenSSL 3 generation because it preserved source compatibility for many 1.1.1 applications while requiring recompilation and, in some cases, API migration. Distributions and package managers adopted it as the route from OpenSSL 1.1.1 into the provider-based OpenSSL architecture.

Homebrew's `openssl@3.0` is keg-only and versioned, which matters for build reproducibility: a formula can link to the 3.0 branch without being silently moved to newer OpenSSL 3 minor releases. The cited Homebrew page lists a 2026-09-07 deprecation date and stable version 3.0.21.

### How it is used

Developers use OpenSSL 3.0 through C APIs in libssl/libcrypto, through language bindings that wrap those libraries, and through the `openssl` CLI for certificates, keys, CSRs, testing TLS endpoints, hashing, signing, and format conversion. The 3.0 branch adds provider configuration and FIPS-module choices to those familiar workflows.

Packagers use `openssl@3.0` when an application has been certified, tested, or constrained against the 3.0 line. The branch is less about new features and more about maintaining predictable OpenSSL 3 behavior while security fixes continue for that line.

### Why package nerds care

OpenSSL 3.0 is a packaging landmark because it changed more than a version number. The provider architecture, FIPS integration, license switch, and low-level API deprecations affected build flags, downstream patches, runtime configuration paths, and compatibility promises across huge dependency graphs.

The `openssl@3.0` formula is package-manager archaeology in action: even after newer OpenSSL 3 branches exist, the old branch remains packaged because TLS libraries are sticky dependencies and some consumers need exact branch semantics.

### Timeline

- December 23, 1998: OpenSSL 0.9.1c is released.
- 2014: Heartbleed triggers governance and funding changes around OpenSSL.
- September 7, 2021: OpenSSL 3.0.0 is released.
- 2021 onward: OpenSSL 3.0 receives security and bug-fix releases in its own series.
- 2026: Homebrew lists `openssl@3.0` as a keg-only formula with stable version 3.0.21 and a 2026-09-07 deprecation date.

### Related projects

- OpenSSL descends from SSLeay and competes or coexists with LibreSSL, BoringSSL, AWS-LC, GnuTLS, NSS, wolfSSL, and platform TLS libraries. OpenSSH, curl, web servers, programming-language runtimes, and certificate tooling are among the downstream ecosystems affected by OpenSSL branch choices.

### Sources

- <https://docs.openssl.org/3.0/man7/migration_guide/>
- <https://formulae.brew.sh/formula/openssl@3.0>
- <https://github.com/openssl/openssl>
- <https://openssl-library.org/news/openssl-3.0-notes/>
- <https://openssl-library.org/news/timeline/>
- <https://openssl-library.org/post/2018-12-20-20years/index.html>
- <https://openssl.foundation/about/history>


## Security Notes

No matching local secret-handling manifest was found for openssl@3.0. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: openssl.cnf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** openssl@3.0
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** yes
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - libssl-dev - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - development files | https://openssl-library.org
- Debian apt - libssl-doc - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - development documentation | https://openssl-library.org
- Debian apt - libssl3t64 - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl3t64 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - shared libraries | https://openssl-library.org
- Debian apt - openssl - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Debian apt - openssl-provider-fips - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl-provider-fips from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Debian apt - openssl-provider-legacy - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl-provider-legacy from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Nix - openssl: versioned package alias match | nixpkgs package indexes: openssl from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- Ubuntu apt - libssl-dev - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl-dev from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - development files | https://www.openssl.org/
- Ubuntu apt - libssl-doc - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl-doc from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - development documentation | https://www.openssl.org/
- Ubuntu apt - libssl3t64 - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl3t64 from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - shared libraries | https://www.openssl.org/
- Ubuntu apt - openssl - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: openssl from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - cryptographic utility | https://www.openssl.org/
- apk - libcrypto3 - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: libcrypto3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Crypto library from openssl | https://www.openssl.org/
- apk - libssl3 - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: libssl3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | SSL shared libraries | https://www.openssl.org/
- apk - openssl - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) | https://www.openssl.org/
- apk - openssl-dbg - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl-dbg from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) (debug symbols) | https://www.openssl.org/
- apk - openssl-dev - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl-dev from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) (development files) | https://www.openssl.org/


## Related links

- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [ca-certificates](https://www.automicvault.com/pkg/brew/ca-certificates/) - Runtime dependency declared by Homebrew.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Package name indicates the same formula family.
- [openssl@3.5](https://www.automicvault.com/pkg/brew/openssl-3-5/) - Package name indicates the same formula family.
- [openssl@4](https://www.automicvault.com/pkg/brew/openssl-4/) - Package name indicates the same formula family.

## Combined YAML source

View the package source record on GitHub. [combined/openssl@3.0.yml](https://github.com/automic-vault/db/blob/main/combined/openssl@3.0.yml)


## Sources

- Nucleus package database
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
