Automic VaultAutomic Vault

brew / approval gates

Install openssl@3 with Homebrew, apk, MacPorts, zypper, chocolatey, apt, dnf, Nix, pacman, scoop, winget

Cryptography and SSL/TLS Toolkit. Version 3.6.3 via Homebrew; verified 2026-07-06.

agent safety

Agent safety answer

openssl handles cryptographic keys, certificates, secrets, and encrypted payloads.

Credential access

Can read private keys, certificates, encrypted files, and passphrases.

Remote mutation

Does not mutate remote systems directly but can prepare credentials used elsewhere.

Publish/artifact risk

Can produce keys, CSRs, signatures, and artifacts used in releases.

Recommended control

Gate private-key reads, key generation, signing, and decryption commands.

Agent-use guidance

Allow public certificate inspection; require approval before reading or producing secret key material.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install openssl@3

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install openssl3

MacPorts ports tree · devel/openssl3/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add libssl3

Alpine Linux edge package indexes · libssl3 · source: dl-cdn.alpinelinux.org

openSUSE zypperverified · 92%
sudo zypper install libopenssl-3-devel

openSUSE Tumbleweed package metadata · libopenssl-3-devel · source: download.opensuse.org

Debian aptverified · 92%
sudo apt install libssl-dev

Debian stable package indexes · libssl-dev · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install openssl

Fedora Rawhide package metadata · openssl · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#openssl

nixpkgs package indexes · openssl · source: raw.githubusercontent.com

Arch Linux pacmanverified · 92%
sudo pacman -S openssl

Arch Linux sync databases · openssl · source: geo.mirror.pkgbuild.com

Windows

Chocolateyverified · 92%
choco install openssl

Chocolatey community package catalog · openssl · source: community.chocolatey.org

Scoopverified · 92%
scoop install main/openssl

Scoop official bucket manifest trees · bucket/openssl.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id ShiningLight.OpenSSL.Dev -e

Windows Package Manager source index · ShiningLight.OpenSSL.Dev · source: cdn.winget.microsoft.com

overview

Package summary

Cryptography and SSL/TLS Toolkit

Commands and aliases

No executable aliases were found in the local package database.

history

Project history and usage

Homebrew's `openssl@3` is the main OpenSSL 3 formula, providing the OpenSSL command-line tool plus libssl and libcrypto for TLS, SSL, certificate, and general cryptography workloads. The formula follows the default OpenSSL 3 branch while separate formulae such as `openssl@3.0` and `openssl@3.5` preserve branch-specific targets.

Project history

OpenSSL was founded in 1998 as an open-source successor to SSLeay, the SSL library by Eric A. Young and Tim J. Hudson. The first OpenSSL release, 0.9.1c, shipped on December 23, 1998 after the initial project team chose the OpenSSL name to signal continuity for users of SSL-era tooling.

The library became a default dependency for secure internet software, from Apache modules and mail servers to package managers, language runtimes, and appliance firmware. Heartbleed in 2014 revealed both the scale of OpenSSL deployment and the fragility of its funding and maintenance model, prompting foundation and governance changes.

The OpenSSL 3 generation began with 3.0.0 on September 7, 2021. Its provider architecture, Apache-2.0 licensing, FIPS provider support, and deprecation of low-level APIs reshaped how applications link, configure, and certify OpenSSL-based cryptography.

Adoption history

`openssl@3` is the broad Homebrew adoption path for OpenSSL 3. The cited formula page lists it as also known as `openssl` and `openssl@3.6`, bottled across macOS and Linux, with yearly installs in the millions.

Homebrew's page also shows the package-manager policy dimension: `openssl@3` can move between OpenSSL 3 minor branches, while `openssl@3.5` and `openssl@3.0` exist for consumers that need a pinned branch. That split lets Homebrew balance default freshness against downstream reproducibility.

How it is used

Users invoke the `openssl` CLI to inspect and generate certificates, create CSRs, test TLS endpoints, hash and sign data, convert PEM/DER/PKCS formats, and manage CA directories. Build systems link against libssl and libcrypto when compiling software that needs TLS, X.509, ASN.1, message digests, public-key cryptography, or provider-backed algorithms.

On Homebrew systems, dependent formulae use `openssl@3` as the normal OpenSSL 3 dependency, while users may need the formula's prefix, include path, library path, and certificate directory when compiling software outside Homebrew.

Why package nerds care

`openssl@3` is one of the packages that makes a package manager feel like infrastructure. A minor OpenSSL branch change can affect build flags, test suites, compliance assumptions, certificate lookup, and runtime behavior for a large dependency graph.

It is also a clean example of why versioned formula names matter. The package name encodes a compatibility promise at the major-version level, while sibling formulae encode stricter branch promises for software that cannot simply follow the default.

Timeline

  • December 23, 1998: OpenSSL 0.9.1c is released.
  • 2014: Heartbleed becomes a watershed event for OpenSSL maintenance and funding.
  • September 7, 2021: OpenSSL 3.0.0 launches the OpenSSL 3 line.
  • April 8, 2025: OpenSSL 3.5.0 is released in the OpenSSL 3 family.
  • October 1, 2025: OpenSSL 3.6.0 appears in the OpenSSL release timeline.
  • 2026: Homebrew lists `openssl@3` stable at 3.6.3 and notes a planned downgrade to 3.5 LTS before the 3.6 support window ends.

Related projects

  • OpenSSL's ecosystem includes LibreSSL, BoringSSL, AWS-LC, GnuTLS, NSS, wolfSSL, and platform TLS stacks. Downstream packages such as OpenSSH, curl, web servers, database clients, and programming-language runtimes make OpenSSL branch choices visible far beyond cryptography specialists.

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 5 rules for openssl@3. Covered entrypoints: openssl. Severity labels: critical, high, medium. Coverage: partial, reviewed 2026-05-21.

Example gated actions

  • Generate private keys or key pairs.
  • Print private key details in text form.
  • Export certificates and keys into PKCS#12 bundles.
  • Connect to a remote TLS service and print handshake material.
  • Encrypt or decrypt data to an output file.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
$OPENSSLDIR/openssl.cnf

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.ssl~/.certs~/certs~/.config/openssl

executables

Installed executables

CommandKindExposureNote
No executable data was present.

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.6.3
manager updated2026-07-06
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/openssl/openssl

install metadata

Package metadata

Package keybrew:openssl@3
Version3.6.3
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/openssl@3
Homepagehttps://openssl-library.org
Repositoryhttps://github.com/openssl/openssl
Upstream docshttps://docs.openssl.org/3.6/man1/openssl
LicenseApache-2.0
Source archivehttps://github.com/openssl/openssl/releases/download/openssl-3.6.3/openssl-3.6.3.tar.gz
Last updated2026-07-06T17:12:11Z
Pulseupdated
Dependenciesca-certificates
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared
CaveatsTo add additional certificates, place .pem files in $HOMEBREW_PREFIX/etc/openssl@3/certs and run $HOMEBREW_PREFIX/opt/openssl@3/bin/c_rehash OpenSSL 3.6 is only supported until 2026-11-01 so the `openssl@3` formula will be downgraded to OpenSSL 3.5 (LTS) in a future update.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameopenssl@3
Aliases
  • openssl
  • openssl@3.6
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

apk95%

libssl3 3.5.7-r0

SSL shared libraries

https://www.openssl.org/

sudo apk add libssl3
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: openssl
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Openssl 3
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: libssl3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
zypper95%

libopenssl-3-devel 3.5.3-5.1

Development files for OpenSSL

https://www.openssl.org/

sudo zypper install libopenssl-3-devel
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 4 dependencies
  • 3 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl-3-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl-3-devel-32bit 3.5.3-5.1

Development files for OpenSSL

https://www.openssl.org/

sudo zypper install libopenssl-3-devel-32bit
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl-3-devel-32bit from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl-3-fips-provider 3.5.3-5.1

OpenSSL FIPS provider

https://www.openssl.org/

sudo zypper install libopenssl-3-fips-provider
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 4 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl-3-fips-provider from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl-3-fips-provider-32bit 3.5.3-5.1

OpenSSL FIPS provider

https://www.openssl.org/

sudo zypper install libopenssl-3-fips-provider-32bit
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 4 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl-3-fips-provider-32bit from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl-3-fips-provider-x86-64-v3 3.5.3-5.1

OpenSSL FIPS provider

https://www.openssl.org/

sudo zypper install libopenssl-3-fips-provider-x86-64-v3
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 3 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl-3-fips-provider-x86-64-v3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl3 3.5.3-5.1

Secure Sockets and Transport Layer Security

https://www.openssl.org/

sudo zypper install libopenssl3
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 7 dependencies
  • 5 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl3-32bit 3.5.3-5.1

Secure Sockets and Transport Layer Security

https://www.openssl.org/

sudo zypper install libopenssl3-32bit
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 4 dependencies
  • 4 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl3-32bit from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

libopenssl3-x86-64-v3 3.5.3-5.1

Secure Sockets and Transport Layer Security

https://www.openssl.org/

sudo zypper install libopenssl3-x86-64-v3
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: libopenssl3-x86-64-v3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

openssl-3 3.5.3-5.1

Secure Sockets and Transport Layer Security

https://www.openssl.org/

sudo zypper install openssl-3
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: openssl-3
  • 8 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: openssl-3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

openssl-3-doc 3.5.3-5.1

Manpages and additional documentation for openssl

https://www.openssl.org/

sudo zypper install openssl-3-doc
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: openssl-3
  • 2 provides
  • normalized package name match
  • Matched by: Openssl 3
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: openssl-3-doc from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

openssl3

sudo port install openssl3
  • normalized package name match
  • Matched by: Openssl 3
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/openssl3/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Debian apt88%

libssl-dev 3.5.6-1~deb13u1

Secure Sockets Layer toolkit - development files

https://openssl-library.org

sudo apt install libssl-dev
  • Section: libdevel
  • Architecture: amd64
  • Source Package: openssl
  • 1 dependencies
  • 1 optional deps
  • versioned package alias match
  • Matched by: Openssl
Debian stable package indexes · deb.debian.org · Debian stable package indexes: libssl-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt88%

libssl-doc 3.5.6-1~deb13u1

Secure Sockets Layer toolkit - development documentation

https://openssl-library.org

sudo apt install libssl-doc
  • Section: doc
  • Architecture: all
  • Source Package: openssl
  • versioned package alias match
  • Matched by: Openssl
Debian stable package indexes · deb.debian.org · Debian stable package indexes: libssl-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt88%

libssl3t64 3.5.6-1~deb13u1

Secure Sockets Layer toolkit - shared libraries

https://openssl-library.org

sudo apt install libssl3t64
  • Section: libs
  • Architecture: amd64
  • Source Package: openssl
  • 4 dependencies
  • 1 provides
  • versioned package alias match
  • Matched by: Openssl
Debian stable package indexes · deb.debian.org · Debian stable package indexes: libssl3t64 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt88%

openssl 3.5.6-1~deb13u1

Secure Sockets Layer toolkit - cryptographic utility

https://openssl-library.org

sudo apt install openssl
  • Section: utils
  • Architecture: amd64
  • 2 dependencies
  • 1 optional deps
  • versioned package alias match
  • Matched by: Openssl
Debian stable package indexes · deb.debian.org · Debian stable package indexes: openssl from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Nucleus package database
  • approval-gate seed metadata
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment