# Install openssl@4 with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper

Cryptography and SSL/TLS Toolkit. Version 4.0.1 via Homebrew; verified 2026-07-04.

## Install

```sh
sudo av install brew:openssl@4
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install openssl@4
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install openssl
```

  Evidence: MacPorts ports tree: devel/openssl/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add libcrypto3
```

  Evidence: Alpine Linux edge package indexes: libcrypto3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install libssl-dev
```

  Evidence: Debian stable package indexes: libssl-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install openssl
```

  Evidence: Fedora Rawhide package metadata: openssl from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#openssl
```

  Evidence: nixpkgs package indexes: openssl from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

- pacman (92%):

```sh
sudo pacman -S openssl
```

  Evidence: Arch Linux sync databases: openssl from https://geo.mirror.pkgbuild.com/core/os/x86_64/core.db.tar.gz

- zypper (92%):

```sh
sudo zypper install libopenssl-devel
```

  Evidence: openSUSE Tumbleweed package metadata: libopenssl-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install openssl
```

  Evidence: Chocolatey community package catalog: openssl from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','openssh'

- Scoop (92%):

```sh
scoop install main/openssl
```

  Evidence: Scoop official bucket manifest trees: bucket/openssl.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id ShiningLight.OpenSSL.Dev -e
```

  Evidence: Windows Package Manager source index: ShiningLight.OpenSSL.Dev from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:openssl@4
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/openssl@4>
- **Version:** 4.0.1
- **Source summary:** Cryptography and SSL/TLS Toolkit
- **Homepage:** <https://openssl-library.org>
- **Repository:** <https://github.com/openssl/openssl>
- **Upstream docs:** <https://docs.openssl.org/4.0/man5/config>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/openssl/openssl/releases/download/openssl-4.0.1/openssl-4.0.1.tar.gz>
- **Last updated:** 2026-07-04T15:59:44-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Dependencies

- ca-certificates

## Install behavior

- Post-install hook: not defined
- Caveats: To add additional certificates, place .pem files in $HOMEBREW_PREFIX/etc/openssl@4/certs and run $HOMEBREW_PREFIX/opt/openssl@4/bin/c_rehash
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 4.0.1
- Package-manager updated: 2026-07-04
- Local data: ok
- Upstream repository: https://github.com/openssl/openssl
- info: No cached GitHub release or tag data was available.
## Project history and usage

OpenSSL is one of the foundational open-source cryptography and TLS toolkits: a C library, command-line utility, and provider of low-level primitives used by operating systems, language runtimes, servers, package managers, and embedded products. The Homebrew `openssl@4` formula tracks the 4.0 series, a feature-release branch announced by the OpenSSL project on April 14, 2026.

### Project history

The OpenSSL codebase descends from SSLeay, the SSL implementation written by Eric A. Young and Tim J. Hudson in the 1990s. The OpenSSL project published its first release on December 23, 1998, after SSLeay development stopped, and it became the long-running community-maintained successor for SSL/TLS and general-purpose cryptographic APIs.

OpenSSL evolved from the pre-TLS web-security era into a toolkit spanning TLS protocol support, X.509 certificate handling, cryptographic algorithms, engines, command-line inspection tools, and compliance-oriented modules. OpenSSL 3.0 introduced the provider architecture, moving algorithm implementations behind loadable providers and making FIPS use a provider-based model. OpenSSL 4.0 continued that major-version lineage with feature and compatibility changes rather than an LTS promise.

### Adoption history

OpenSSL became a default dependency because it solved two hard packaging problems at once: it supplied a portable TLS stack and a broad cryptographic library. Unix-like operating systems, web servers, mail servers, VPNs, database clients, programming language bindings, and package managers built around it, which made ABI transitions and security updates highly visible across distributions.

The project’s adoption history also includes hard lessons in security maintenance. Events such as the 2014 Heartbleed vulnerability changed how many organizations viewed OpenSSL patching, funding, audits, and dependency tracking. Later 3.x and 4.x branches are packaged with branch-specific formulas so developers can pin applications to a supported ABI and test migrations deliberately.

### How it is used

Developers use the `openssl` executable to generate keys and CSRs, inspect certificates, test TLS endpoints, convert key formats, create hashes and signatures, and debug trust-chain problems. Applications link against libssl and libcrypto for TLS sessions, certificate verification, envelope encryption, digests, random number generation, and public-key operations.

Package maintainers care about exactly which OpenSSL line is installed because headers, library names, provider configuration, FIPS behavior, and deprecated APIs can affect downstream builds. A versioned package such as `openssl@4` lets build scripts and CI select the 4.0 branch while older software remains on a 3.x or LTS branch.

### Why package nerds care

For package nerds, OpenSSL is the dependency that makes dependency graphs feel real: a small ABI or policy change can ripple through language ecosystems, OS images, containers, and vendored binaries. The `@4` suffix is meaningful because it advertises a major cryptographic-runtime transition, not a cosmetic formula split.

### Timeline

- 1995-1998: SSLeay was developed by Eric A. Young and Tim J. Hudson.
- 1998-12-23: the first OpenSSL release was published.
- 2021-09-07: OpenSSL 3.0 introduced the provider architecture used for modern algorithm and FIPS-module loading.
- 2026-04-14: OpenSSL 4.0.0 was announced as a feature release.

### Related projects

- Related implementations and consumers include LibreSSL and BoringSSL as forks or alternate TLS/crypto libraries, plus the many applications that expose OpenSSL-flavored certificate and TLS behavior through their own CLIs.

### Sources

- <https://docs.openssl.org/3.0/man7/migration_guide/>
- <https://github.com/openssl/openssl>
- <https://openssl-library.org/post/2018-12-20-20years/index.html>
- <https://openssl-library.org/post/2026-04-14-openssl-40-final-release/>
- <https://openssl-library.org/source/>


## Security Notes

No matching local secret-handling manifest was found for openssl@4. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: $OPENSSLDIR/openssl.cnf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** openssl@4
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** yes
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - libssl-dev - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - development files | https://openssl-library.org
- Debian apt - libssl-doc - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - development documentation | https://openssl-library.org
- Debian apt - libssl3t64 - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: libssl3t64 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - shared libraries | https://openssl-library.org
- Debian apt - openssl - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Debian apt - openssl-provider-fips - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl-provider-fips from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Debian apt - openssl-provider-legacy - 3.5.6-1~deb13u1: versioned package alias match | Debian stable package indexes: openssl-provider-legacy from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Secure Sockets Layer toolkit - cryptographic utility | https://openssl-library.org
- Nix - openssl: versioned package alias match | nixpkgs package indexes: openssl from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- Ubuntu apt - libssl-dev - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl-dev from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - development files | https://www.openssl.org/
- Ubuntu apt - libssl-doc - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl-doc from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - development documentation | https://www.openssl.org/
- Ubuntu apt - libssl3t64 - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: libssl3t64 from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - shared libraries | https://www.openssl.org/
- Ubuntu apt - openssl - 3.0.13-0ubuntu3: versioned package alias match | Ubuntu 24.04 LTS package indexes: openssl from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Secure Sockets Layer toolkit - cryptographic utility | https://www.openssl.org/
- apk - libcrypto3 - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: libcrypto3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Crypto library from openssl | https://www.openssl.org/
- apk - libssl3 - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: libssl3 from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | SSL shared libraries | https://www.openssl.org/
- apk - openssl - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) | https://www.openssl.org/
- apk - openssl-dbg - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl-dbg from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) (debug symbols) | https://www.openssl.org/
- apk - openssl-dev - 3.5.7-r0: versioned package alias match | Alpine Linux edge package indexes: openssl-dev from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Toolkit for Transport Layer Security (TLS) (development files) | https://www.openssl.org/


## Related links

- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [ca-certificates](https://www.automicvault.com/pkg/brew/ca-certificates/) - Runtime dependency declared by Homebrew.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Popular package that depends on this formula.
- [axel](https://www.automicvault.com/pkg/brew/axel/) - Popular package that depends on this formula.
- [bitchx](https://www.automicvault.com/pkg/brew/bitchx/) - Popular package that depends on this formula.
- [bozohttpd](https://www.automicvault.com/pkg/brew/bozohttpd/) - Popular package that depends on this formula.
- [btpd](https://www.automicvault.com/pkg/brew/btpd/) - Popular package that depends on this formula.
- [burp](https://www.automicvault.com/pkg/brew/burp/) - Popular package that depends on this formula.
- [c2patool](https://www.automicvault.com/pkg/brew/c2patool/) - Popular package that depends on this formula.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Package name indicates the same formula family.
- [openssl@3.0](https://www.automicvault.com/pkg/brew/openssl-3-0/) - Package name indicates the same formula family.
- [openssl@3.5](https://www.automicvault.com/pkg/brew/openssl-3-5/) - Package name indicates the same formula family.

## Combined YAML source

View the package source record on GitHub. [combined/openssl@4.yml](https://github.com/automic-vault/db/blob/main/combined/openssl@4.yml)


## Sources

- Nucleus package database
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
