Credential access
Can read private keys, certificates, encrypted files, and passphrases.
brew / approval gates
Cryptography and SSL/TLS Toolkit. Version 3.6.3 via Homebrew; verified 2026-07-06.
agent safety
openssl handles cryptographic keys, certificates, secrets, and encrypted payloads.
Can read private keys, certificates, encrypted files, and passphrases.
Does not mutate remote systems directly but can prepare credentials used elsewhere.
Can produce keys, CSRs, signatures, and artifacts used in releases.
Gate private-key reads, key generation, signing, and decryption commands.
Allow public certificate inspection; require approval before reading or producing secret key material.
install
brew install openssl@3local Homebrew formula metadata
sudo port install openssl3MacPorts ports tree · devel/openssl3/Portfile · source: api.github.com
sudo apk add libssl3Alpine Linux edge package indexes · libssl3 · source: dl-cdn.alpinelinux.org
sudo zypper install libopenssl-3-developenSUSE Tumbleweed package metadata · libopenssl-3-devel · source: download.opensuse.org
sudo apt install libssl-devDebian stable package indexes · libssl-dev · source: deb.debian.org
sudo dnf install opensslFedora Rawhide package metadata · openssl · source: dl.fedoraproject.org
nix profile install nixpkgs#opensslnixpkgs package indexes · openssl · source: raw.githubusercontent.com
sudo pacman -S opensslArch Linux sync databases · openssl · source: geo.mirror.pkgbuild.com
choco install opensslChocolatey community package catalog · openssl · source: community.chocolatey.org
scoop install main/opensslScoop official bucket manifest trees · bucket/openssl.json · source: api.github.com
winget install --id ShiningLight.OpenSSL.Dev -eWindows Package Manager source index · ShiningLight.OpenSSL.Dev · source: cdn.winget.microsoft.com
overview
Cryptography and SSL/TLS Toolkit
No executable aliases were found in the local package database.
history
Homebrew's `openssl@3` is the main OpenSSL 3 formula, providing the OpenSSL command-line tool plus libssl and libcrypto for TLS, SSL, certificate, and general cryptography workloads. The formula follows the default OpenSSL 3 branch while separate formulae such as `openssl@3.0` and `openssl@3.5` preserve branch-specific targets.
OpenSSL was founded in 1998 as an open-source successor to SSLeay, the SSL library by Eric A. Young and Tim J. Hudson. The first OpenSSL release, 0.9.1c, shipped on December 23, 1998 after the initial project team chose the OpenSSL name to signal continuity for users of SSL-era tooling.
The library became a default dependency for secure internet software, from Apache modules and mail servers to package managers, language runtimes, and appliance firmware. Heartbleed in 2014 revealed both the scale of OpenSSL deployment and the fragility of its funding and maintenance model, prompting foundation and governance changes.
The OpenSSL 3 generation began with 3.0.0 on September 7, 2021. Its provider architecture, Apache-2.0 licensing, FIPS provider support, and deprecation of low-level APIs reshaped how applications link, configure, and certify OpenSSL-based cryptography.
`openssl@3` is the broad Homebrew adoption path for OpenSSL 3. The cited formula page lists it as also known as `openssl` and `openssl@3.6`, bottled across macOS and Linux, with yearly installs in the millions.
Homebrew's page also shows the package-manager policy dimension: `openssl@3` can move between OpenSSL 3 minor branches, while `openssl@3.5` and `openssl@3.0` exist for consumers that need a pinned branch. That split lets Homebrew balance default freshness against downstream reproducibility.
Users invoke the `openssl` CLI to inspect and generate certificates, create CSRs, test TLS endpoints, hash and sign data, convert PEM/DER/PKCS formats, and manage CA directories. Build systems link against libssl and libcrypto when compiling software that needs TLS, X.509, ASN.1, message digests, public-key cryptography, or provider-backed algorithms.
On Homebrew systems, dependent formulae use `openssl@3` as the normal OpenSSL 3 dependency, while users may need the formula's prefix, include path, library path, and certificate directory when compiling software outside Homebrew.
`openssl@3` is one of the packages that makes a package manager feel like infrastructure. A minor OpenSSL branch change can affect build flags, test suites, compliance assumptions, certificate lookup, and runtime behavior for a large dependency graph.
It is also a clean example of why versioned formula names matter. The package name encodes a compatibility promise at the major-version level, while sibling formulae encode stricter branch promises for software that cannot simply follow the default.
approval gates
The local approval-gate seed includes 5 rules for openssl@3. Covered entrypoints: openssl. Severity labels: critical, high, medium. Coverage: partial, reviewed 2026-05-21.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
$OPENSSLDIR/openssl.cnfCredential-bearing paths to review before unattended agent runs.
~/.ssl~/.certs~/certs~/.config/opensslexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
| No executable data was present. | |||
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/openssl/openssl
install metadata
| Package key | brew:openssl@3 |
|---|---|
| Version | 3.6.3 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/openssl@3 |
| Homepage | https://openssl-library.org |
| Repository | https://github.com/openssl/openssl |
| Upstream docs | https://docs.openssl.org/3.6/man1/openssl |
| License | Apache-2.0 |
| Source archive | https://github.com/openssl/openssl/releases/download/openssl-3.6.3/openssl-3.6.3.tar.gz |
| Last updated | 2026-07-06T17:12:11Z |
| Pulse | updated |
| Dependencies | ca-certificates |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | To add additional certificates, place .pem files in $HOMEBREW_PREFIX/etc/openssl@3/certs and run $HOMEBREW_PREFIX/opt/openssl@3/bin/c_rehash OpenSSL 3.6 is only supported until 2026-11-01 so the `openssl@3` formula will be downgraded to OpenSSL 3.5 (LTS) in a future update. |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | openssl@3 |
| Aliases |
|
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
libssl3 3.5.7-r0
SSL shared libraries
sudo apk add libssl3libopenssl-3-devel 3.5.3-5.1
Development files for OpenSSL
sudo zypper install libopenssl-3-devellibopenssl-3-devel-32bit 3.5.3-5.1
Development files for OpenSSL
sudo zypper install libopenssl-3-devel-32bitlibopenssl-3-fips-provider 3.5.3-5.1
OpenSSL FIPS provider
sudo zypper install libopenssl-3-fips-providerlibopenssl-3-fips-provider-32bit 3.5.3-5.1
OpenSSL FIPS provider
sudo zypper install libopenssl-3-fips-provider-32bitlibopenssl-3-fips-provider-x86-64-v3 3.5.3-5.1
OpenSSL FIPS provider
sudo zypper install libopenssl-3-fips-provider-x86-64-v3libopenssl3 3.5.3-5.1
Secure Sockets and Transport Layer Security
sudo zypper install libopenssl3libopenssl3-32bit 3.5.3-5.1
Secure Sockets and Transport Layer Security
sudo zypper install libopenssl3-32bitlibopenssl3-x86-64-v3 3.5.3-5.1
Secure Sockets and Transport Layer Security
sudo zypper install libopenssl3-x86-64-v3openssl-3 3.5.3-5.1
Secure Sockets and Transport Layer Security
sudo zypper install openssl-3openssl-3-doc 3.5.3-5.1
Manpages and additional documentation for openssl
sudo zypper install openssl-3-docopenssl3
sudo port install openssl3libssl-dev 3.5.6-1~deb13u1
Secure Sockets Layer toolkit - development files
sudo apt install libssl-devlibssl-doc 3.5.6-1~deb13u1
Secure Sockets Layer toolkit - development documentation
sudo apt install libssl-doclibssl3t64 3.5.6-1~deb13u1
Secure Sockets Layer toolkit - shared libraries
sudo apt install libssl3t64openssl 3.5.6-1~deb13u1
Secure Sockets Layer toolkit - cryptographic utility
sudo apt install opensslsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.