Apr 14, 2014

What is OpenSSL?

Like everyone else, I’ve heard a lot about OpenSSL since the Heartbleed security flaw was discovered. I understand that it is intended to encrypt website traffic, but is OpenSSL just the actual software that is supposed to do this? It seems hard to believe that it took two years for such a major flaw to be discovered.


OpenSSL is an open source project with about a $1 million annual budget. That’s pretty amazing when you consider how crucial a role it plays in online security. Here is a good article that explains more about OpenSSL.

"OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the various open source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric Andrew Young and Tim Hudson, development of which unofficially ended on December 17, 1998, when Young and Hudson both started to work for RSA Security."
