kb.firedaemon.com
Open in
urlscan Pro
34.206.185.202
Public Scan
URL:
https://kb.firedaemon.com/support/solutions/articles/4000121705
Submission: On November 13 via manual from RU — Scanned from DE
Submission: On November 13 via manual from RU — Scanned from DE
Form analysis 1 forms found in the DOM
/support/search/solutions
<form class="hc-search-form print--remove" autocomplete="off" action="/support/search/solutions" id="hc-search-form" data-csrf-ignore="true">
<div class="hc-search-input">
<label for="support-search-input" class="hide">Enter your search term here...</label>
<input placeholder="Enter your search term here..." type="text" name="term" class="special ui-autocomplete-input" value="" rel="page-search" data-max-matches="10" id="support-search-input" autocomplete="off">
</div>
<div class="hc-search-button">
<button class="btn btn-primary" aria-label="Search" type="submit" autocomplete="off">
<i class="mobile-icon-search hide-tablet"></i>
<span class="hide-in-mobile"> Search </span>
</button>
</div>
</form>Text Content
Help Center
Welcome
Login Sign up
Products Download Resellers Support Pricing
HOW CAN WE HELP YOU TODAY?
Enter your search term here...
Search
New support ticket
Check ticket status
Solution home Products, Downloads, Pricing and User Guides FireDaemon OpenSSL
OPENSSL 3.1, 3.0 AND 1.1.1 BINARY DISTRIBUTIONS FOR MICROSOFT WINDOWS
Modified on: Tue, 7 Nov, 2023 at 12:06 AM
--------------------------------------------------------------------------------
TABLE OF CONTENTS
* About OpenSSL
* Download OpenSSL
* Installation Instructions
* OpenSSL ZIP Files
* OpenSSL Windows Installer
* OpenSSL Screenshot
* OpenSSL Documentation
* Checking SSL / TLS Certificate Validity with Certify One
* Compiling OpenSSL From Source
* Release Policy
* Source
* Build Script
* Compilation
* Integrating OpenSSL with Your Visual Studio Project
* Additional Include Directories
* Additional Library Directories
* Privilege Escalation Mitigation
* Compatibility and Support Matrix
* License, Warranty, and Support
* Acknowledgments
* Buy SSL / TLS Certificates
ABOUT OPENSSL
OpenSSL is a popular open-source, publicly available software library that
provides a robust, full-featured set of cryptographic functions and tools to
secure communications over computer networks. When we build and ship FireDaemon
Certify One, FireDaemon Fusion, and FireDaemon Lozenge we try to ensure it
contains the most recent version of OpenSSL. We thought it would be useful to
make our OpenSSL Binary Distribution available to you to download and use free
of charge. The key advantages of using our OpenSSL Binary Distribution for
Microsoft Windows over others that are available are:
* No need to deploy various software tools in order to attempt to compile the
source from scratch. Our build script is available for free too if you do
want to compile OpenSSL yourself.
* No external dependencies. There is no need to install or distribute the
Visual C++ Redistributable Runtime (MSVC). There is an implicit dependency on
the Windows Universal C Runtime (UCRT) which is included by default in all
modern versions of Microsoft Windows.
* Packaged for simple deployment and use case scenarios including standalone,
embeddable, deployable, or portable
* Digitally signed with our Extended Validation (EV) code signing certificate
in order to avoid Windows SmartScreen warnings, and increase trust by virtue
of Sectigo's authentication and verification procedures on us: FireDaemon
Technologies Limited and validatable binary integrity to meet your compliance
requirements.
DOWNLOAD OPENSSL
Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows
Operating Systems. The distributions can be used standalone or integrated into
any Windows application. The EXE and DLL are digitally signed with our Extended
Validation (EV) code signing certificate. Note that we do not have an EAR CCL
ECCN for our Binary Distributions. This is intentional. You must seek
independent legal advice prior to using/integrating/exporting our Binary
Distributions in your own products.
Download OpenSSL Binary Distributions for Microsoft Windows
OpenSSL 3.1.4 ZIP File
October 2023
SHA2-256 BD575D5CA8E04009B7A3FF805C6E70574B1CC11ECC2393E74F59932C2C620796
Git commit openssl-3.1.4-0-g01d5e23184
OpenSSL 3.1.4 Windows x64 Installer
October 2023
SHA2-256 2EA2CC3871BB198392AABB6EC00E3E34FD38CFFC4850B0FA492E0A86778FF775
Git commit openssl-3.1.4-0-g01d5e23184
OpenSSL 3.0.12 ZIP File
October 2023
SHA2-256 2F52194AC37B5DC1D9660ABB478FF728449CD60565B58BAF57382B0D5E51CF37
Git commit openssl-3.0.12-0-gc3cc0f1386
OpenSSL 1.1.1w ZIP File
September 2023
SHA2-256 1870B15BF6749E65FFBBADF52CDFF3EE0E9F02943550BF4395574BB432AF3EB8
Git commit OpenSSL_1_1_1w-0-ge04bd3433f
For 64-bit / Win64 / x64 and 32-bit / Win32 / x86 Microsoft Windows Operating
Systems
To calculate / verify the SHA2-256 checksums please use FireDaemon Lozenge!
OpenSSL maintains a list of 3rd-party maintained binary distributions of
OpenSSL.
Please review our Release Policy before downloading and using this distribution.
Support for specific versions of OpenSSL is now at an end. Ensure you use a
supported version.
We do not have an ECCN for our Binary Distributions.
You must seek independent legal advice prior to using / integrating / exporting
our Binary Distributions.
INSTALLATION INSTRUCTIONS
OPENSSL ZIP FILES
1. Follow the instructions below if you have downloaded one of the ZIP files
above and want to deploy OpenSSL manually (e.g. on the local hard disk or on
a USB drive for a portable installation)
2. Download the appropriate FireDaemon OpenSSL Binary Distribution ZIP file via
the links above.
3. Unpack the contents of the "openssl-1.1" or "openssl-3" or "openssl-3.1.0"
folder in the respective ZIP file to a temporary directory (e.g. C:\Temp)
4. Copy the contents of (i.e. the files and directories contained within) the
x64 folder or x86 folder to your target directory (e.g. C:\OpenSSL)
5. Copy the ssl folder and contents to the target directory (e.g. C:\OpenSSL).
The commands to copy the files correctly from the location where you unpacked
the ZIP file (assuming C:\Temp) are as follows:
: For OpenSSL 1.1
cd C:\Temp\openssl-1.1
: For OpenSSL 3.0 and 3.1
cd C:\Temp\openssl-3
: Copy the binaries specific to your platform
: Copy 64-bit binaries
robocopy x64 C:\OpenSSL /E
: Or, copy 32-bit binaries. Don't copy both!
robocopy x86 C:\OpenSSL /E
: Copy the ssl folder
robocopy ssl C:\OpenSSL\ssl /E
Generic
Your directory structure should look as follows:
C:\OpenSSL>dir /b
bin
include
lib
ssl
Generic
To use OpenSSL, simply open an elevated Command Prompt then (adjusting the path
in OPENSSL_HOME to suit your manual installation):
: You can set OPENSSL_HOME=%~dp0 in a batch script for portable installs
set OPENSSL_HOME=C:\OpenSSL
set OPENSSL_CONF=%OPENSSL_HOME%\ssl\openssl.cnf
set PATH=%OPENSSL_HOME%\bin;%PATH%
cd /d %OPENSSL_HOME%
openssl version -a
Generic
To create a certificate signing request and private key using the same
environment variables as above :
openssl genrsa -out server.key 4096openssl req -new -key server.key -out server.csr -sha256openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
HTML
OPENSSL WINDOWS INSTALLER
Instead of downloading the ZIP file, and for convenience, you can download our
Windows installer via the link above in the "Download OpenSSL" section.
Installation is straightforward. OpenSSL is installed into the following file
system locations. These locations are specified during the build and follow
OpenSSL's own conventions. Thanks to Advanced Installer for helping us out.
%PROGRAMFILES%\FireDaemon OpenSSL 3%PROGRAMFILES%\Common Files\FireDaemon SSL 3
HTML
You can silently install OpenSSL with the following command in an elevated
command prompt:
FireDaemon-OpenSSL-x64-3.1.4.exe /exenoui /exelog fdopenssl3.log /qn /norestart REBOOT=ReallySuppress
HTML
You can silently uninstall OpenSSL with the following command in an elevated
command prompt:
: Verify Product GUID
wmic product where name="FireDaemon OpenSSL 3" get IdentifyingNumber
: Uninstall silently
msiexec /x {A8B0D50D-F952-49EB-A53A-BDB95BA32284} /quiet /noreboot
HTML
OPENSSL SCREENSHOT
Below is a screenshot showing the executed commands at an elevated command
prompt:
OPENSSL DOCUMENTATION
Please refer to OpenSSL's documentation.
CHECKING SSL / TLS CERTIFICATE VALIDITY WITH CERTIFY ONE
FireDaemon Certify One allows you to audit, check, inspect, and validate SSL /
TLS certificates and certificate chains. Fortify also has a browser-based TLS
Encryption Check Tool available.
COMPILING OPENSSL FROM SOURCE
RELEASE POLICY
Whenever we release an updated version of FireDaemon Fusion, FireDaemon Certify
One, or OpenSSL gets updated with security fixes, we will provide the latest
tagged version of the OpenSSL stable branch. The currently deployed OpenSSL
library commit versions are listed underneath the download links above. Commit
is described viz:
git describe --always --tag --long --first-parent --dirty
Generic
SOURCE
We directly pull from OpenSSL's official GitHub repository.
BUILD SCRIPT
You can use our build script to create the binary distributions. The build
script has the following dependencies:
* Visual Studio Community Edition
* Git for Windows
* Strawberry Perl.
COMPILATION
The actual command line to build OpenSSL is as follows (where %toolset% is
VC-WIN32 and VC-WIN64A respectively):
perl ..\Configure %toolset% no-asm no-ssl3 no-zlib no-comp no-autoload-config --api=1.1.0 --prefix="%installdir%" --openssldir="%commoninstalldir%" -DOPENSSL_NO_DEPRECATED
Generic
INTEGRATING OPENSSL WITH YOUR VISUAL STUDIO PROJECT
To use the headers and libraries present in OpenSSL in your Visual Studio
project, you will need to configure the properties of your project.
ADDITIONAL INCLUDE DIRECTORIES
Prepend "C:\Program Files\FireDaemon Open SSL 3\include"; to Property Pages ->
C/C++ -> General -> Additional Include Directories in your project per the
screenshot below (adjusting the prepended path to suit your installation):
ADDITIONAL LIBRARY DIRECTORIES
Prepend "C:\Program Files\FireDaemon Open SSL 3\lib"; to Property Pages ->
Linker -> General -> Additional Library Directories in your project per the
screenshot below (adjusting the prepended path to suit your installation):
PRIVILEGE ESCALATION MITIGATION
When building OpenSSL, the build scripts bake the default location of the
library (ie. the installation directory) and the SSL configuration into the
final product. By default, OpenSSL automatically loads the SSL configuration
file from the default file system location. This leads to an easily exploitable
privilege escalation scenario documented in CVE-2019-12572. Our build of OpenSSL
mitigates this flaw using the following preventative measures:
* The target directories we have chosen are Windows' default system program
files directories assuming a 64-bit architecture with a shared configuration
file directory common to both x64 and x86:
* x64: C:\Program Files\FireDaemon OpenSSL, C:\Program Files\Common
Files\FireDaemon SSL
* x86: C:\Program Files (x86)\FireDaemon OpenSSL, C:\Program Files\Common
Files\FireDaemon SSL
* To mitigate security holes even on non-default installations, we build the
library such that it doesn't automatically load the SSL configuration. Hence,
when using the OpenSSL tools or the DLLs in your products you have to
explicitly load the SSL configuration.
* All FireDaemon software products that utilise OpenSSL initialise the OpenSSL
library at runtime using a flag that prevents the loading of the default
configuration.
COMPATIBILITY AND SUPPORT MATRIX
The table below provides a compatibility and support matrix, mapping specific
compatible Microsoft Windows operating system versions to specific
FireDaemon OpenSSL software versions.
OpenSSL Versions
OpenSSL 3.1, 3.0, and 1.1.1Windows Operating System Version32-bit (x86)64-bit
(x64)Windows XP (1)
Windows Vista (1)
Windows 7 (1)
Windows 8 (1)
Windows 8.1 (1)
Windows 10
Windows 11
Server 2008 (2)
Server 2008 R2 (2)
Server 2012
Server 2012 R2
Server 2016
Server 2019
Server 2022
(1) Windows Desktop Operating System is End of Support
(2) Windows Server Operating System is End of Support
Compatible / SupportedThe software product is designed to be installed on the
Microsoft Windows operating system version. The operating system version plus
software version combination is actively supported by us on the proviso that the
32-bit (x86) version is deployed on a 32-bit (x86) operating system and the
64-bit (x64) version is deployed on a 64-bit (x64) operating system. Please see
the License, Warranty, and Support section below.Compatible / UnsupportedThe
software product should install on the Microsoft Windows operating system
version. The operating system version plus software version combination is not
supported by us. This is typically due to the operating system version reaching
End of Support.Incompatible / UnsupportedThe software product should not or does
not install on the Microsoft Windows operating system version or does not work.
The operating system version plus software version combination is not supported
by us.
LICENSE, WARRANTY, AND SUPPORT
Our OpenSSL Binary Distribution is free to use and redistribute. Product use,
redistribution, and warranty are governed by the OpenSSL License. If you have
questions regarding OpenSSL, wish to report bugs, or require implementation
guidance please consider joining the OpenSSL Community.
ACKNOWLEDGMENTS
This product includes:
* Software developed by the OpenSSL Project for use in the OpenSSL Toolkit
* Cryptographic software written by Eric Young
* Software written by Tim Hudson.
BUY SSL / TLS CERTIFICATES
--------------------------------------------------------------------------------
Did you find it helpful? Yes No
Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.
RELATED ARTICLES
* FireDaemon Fusion TLS / SSL Key Setup / Integration Guide
* FireDaemon Fusion SSL / TLS Configuration
* FireDaemon Fusion and Fusion OEM 7.1.4
* FireDaemon Fusion and Fusion OEM Changelog
* FireDaemon Lozenge Changelog
* Configuring Nginx To Securely Reverse Proxy Requests To FireDaemon Fusion
* log4j 2: FireDaemon software is NOT impacted
* FireDaemon Fusion Compatibility and Support Matrix
* FireDaemon Fusion and Fusion OEM 6.6.6
* Installing FireDaemon Fusion
Products Download Resellers Support Pricing
© 1999-2023 FireDaemon Technologies Limited