Community

OpenSSL library source is maintained by a team of committers. We operate under a set of project bylaws and ask everyone to follow our code of conduct.

There are many ways you can join the community and contribute. The “getting started” page has some ideas. We maintain several mailing lists. Anyone can join, but you must be a member of a list to post to it. We have a public wiki, and anyone can request an account and start adding content. We have a team blog, where members of the development team will occasionally post.

Various third parties offer OpenSSL library distributions.

Our Mission and Values

The OpenSSL mission statement and core set of values serve as guides to our decision-making processes and the way we approach our daily work as committed members of the project. These guiding principles ensure that our actions and contributions align with the purpose of the project.

Reporting Security Bugs

If you think you have found a security bug in OpenSSL library, please send mail to openssl-security@openssl.org. Encryption is not required, but if you want to encrypt the mail, you can use our team’s PGP Key. We will work with you to assess and fix the flaw, as discussed in our Security Policy.

Please note that we do not run a Bug Bounty program, although third parties (such as the HackerOne Internet Bug Bounty) may reward correctly reported and confirmed security issues in the OpenSSL library codebase.

All fixed security bugs are listed on our vulnerabilities page.

Reporting Bugs

To report a bug or make an enhancement request, please open an issue on GitHub, by opening a new issue

To contribute a change to the documentation or software, please open a pull request.

If you also have a proposed solution for the issue, you do not need to open both an issue and a pull request - just the pull request is sufficient.