The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous cryptographic module security requirements set forth by the National Institute of Standards and Technology (NIST). This accomplishment marks a significant milestone in reinforcing trusted, standards-based encryption for organizations operating in regulated environments, including government agencies, healthcare institutions, and financial services.
Understanding and effectively managing diverse personalities within an organization is crucial for fostering a harmonious and productive work environment. At the OpenSSL Corporation, we use Tick profiles—personality profiling tools designed to help individuals and teams gain insights into behavioral preferences enhancing collaboration and reducing workplace conflicts.
Dove, Owl, Eagle, Peacock—What Makes Them Tick?
Tick’s profiling system categorizes personalities into four distinct ‘bird types,’ each representing a unique set of characteristics:
The Peacock: Expressive and enthusiastic, Peacocks thrive on social interactions and enjoy attention. They are imaginative and spontaneous but may struggle with routine tasks.
The Dove: Gentle and accommodating, Doves value harmony and support. They prefer stable environments and may resist change or high-pressure situations.
The Eagle: Confident and decisive, Eagles are natural leaders focused on results and efficiency. They are competitive and driven but may come across as impatient or insensitive.
The Owl: Analytical and detail-oriented, Owls are logical thinkers who value accuracy and structure. They are thorough but may be perceived as overly cautious or critical.
These profiles serve as a framework for individuals to understand both their own behaviors and those of their colleagues, facilitating improved communication and teamwork.
The election for the OpenSSL Corporation Board of Directors has now concluded. All eligible members have cast their votes, and it is confirmed that Tim Hudson has been reelected to the Board for a 3-year term.
A 2-year seat, vacated by Hugo Landau’s resignation.
We extend our gratitude to all nominees for their willingness to serve, as well as to the Members who participated and cast votes in support of our mission.
At the OpenSSL Corporation, we understand the value of collaboration, and while remote work keeps us connected, nothing beats the energy of meeting in person. That’s why we gather for face-to-face (F2F) meetings three to four times a year, bringing together team members from across the globe.
Our recent F2F meeting was the opportunity to reconnect not just with each other but also with our colleagues from the OpenSSL Foundation. With employees spread across seven locations and three continents, these gatherings allow us to put faces to names, share ideas more dynamically, and build the trust that is essential for collaboration.
We are pleased to present the OpenSSL Corporation Annual Report 2024, offering a comprehensive overview of our progress, key developments, and strategic initiatives throughout fiscal year 2024.
Report Highlights
Financial Summary – A transparent review of revenue, expenditures, and resource allocation.
Project Developments – Key feature releases, security updates, and enhancements to OpenSSL Library’s cryptographic capabilities.
Community & Partnerships – Recognition of contributors, collaborations, and the global impact of the OpenSSL Library.
Future Outlook – Upcoming initiatives for 2025 and beyond.
Download the Report
The OpenSSL Corporation Annual Report 2024 is now available for download. Access your copy here.
OpenSSL’s FIPS 140-3 module has progressed from the “Review Pending” phase to the “Coordination” phase on the NIST CMVP Modules-In-Process list. This change signifies that the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) have completed their initial examination of the module and are now collaborating with the OpenSSL team and the accredited testing laboratory on any remaining clarifications before final certification.
FIPS 140 (Federal Information Processing Standard Publication 140) is a U.S. government standard that defines the security requirements for cryptographic modules. Specifically, it ensures that these modules meet certain cryptographic and operational requirements to protect sensitive data and communications.
On January 13, 2025, OpenSSL Corporation hosted its inaugural Business Advisory Committee (BAC) meeting, marking a significant milestone in the project’s evolution towards enhanced community engagement and transparency. This kickoff meeting brought together key stakeholders to discuss the committee’s structure, purpose, and path forward.
Participants
OpenSSL Corporation
Anton Arapov
Tim Hudson
Katerina Micova
Advisory Committee Members
Billy Brumley (RIT) – Academics
Paul Dale (Oracle) – Committers
Jaroslav Reznik (Red Hat) – Distributions
Randall Becker - Individuals
Jeff Johnson (Cisco) – Large Business
James Bourne (FireDaemon Technologies) – Small Business
Meeting Highlights
Governance and Structure
The committee was presented with OpenSSL’s new governance model, effective from March 2024. This model introduces Business and Technical Advisory Committees to strengthen community involvement, incorporate the perspectives of our communities, and ensure informed and transparent decision-making to better serve our Mission.
The anticipated future arrival of cryptographically relevant quantum computers (CRQCs),
that could undermine the algorithms that underlie the currently most widely used public key algorithms (ECDHE, ECDSA, DH and RSA),
has led to the development and recent standardisation of new “post-quantum” (PQ) algorithms, that are believed to not be vulnerable to CRQC attack.
Two of the first algorithms standardized are ML-KEM (for key agreement) and ML-DSA (for digital signatures).
These algorithms are standardized by NIST in FIPS 203 and FIPS 204. These define the algorithm parameters and how to correctly
perform the necessary mathematical operations, but do not define such details as data formats for public and private keys.
Those details were left to other standards organisations, such as the IETF.
Upon certification of the election results by the Election Committee, the OpenSSL Foundation and the OpenSSL Corporation are pleased to announce the official results of the Business Advisory Committee (BAC) elections. After a thorough nomination and voting process, the OpenSSL community has selected a group of distinguished individuals to provide guidance and advice to OpenSSL.
Newly Elected Members
The following candidates have been elected to serve on the Business Advisory Committee:
