Keeping OpenSSL up to date is essential for security and for compatibility with the software that depends on it. This guide shows you how to check your OpenSSL version on Linux, Windows, and macOS, how to read the output, and how to update to the latest release.
Quick answer
Open a terminal (or Command Prompt on Windows) and run:
openssl version
For full build details, run:
openssl version -a
How to check the OpenSSL version
The command is the same on most systems; only the way you open the terminal differs. OpenSSL is pre-installed on most Linux distributions and on macOS, while on Windows you usually install it yourself.
Check the OpenSSL version on Linux
- Open the terminal: press Ctrl + Alt + T, or search for “Terminal” in your applications menu.
- Run the version command:
openssl version
The output shows the installed version, for example OpenSSL 3.5.6 4 Nov 2025.
Check the OpenSSL version on Windows
- Open Command Prompt: press Win + R, type cmd, and press Enter.
- Run the version command (use -a to also see build and configuration details):
openssl version -a
If Windows reports that openssl is not recognized, OpenSSL is not installed or not on your PATH. See our guide on how to install OpenSSL on Windows.
Check the OpenSSL version on macOS
- Open the Terminal. It is in Applications → Utilities, or press Cmd + Space and type “Terminal”.
- Run the version command:
openssl version
Important macOS note: Apple ships LibreSSL (a fork of OpenSSL), not OpenSSL itself, as the built-in openssl command. So on a stock Mac this command usually returns something like LibreSSL 3.3.6 rather than an OpenSSL version. To use genuine OpenSSL, install it with Homebrew and call it by its full path:
brew install openssl@3
/opt/homebrew/opt/openssl@3/bin/openssl version
On Intel Macs the path is /usr/local/opt/openssl@3/bin/openssl instead. Add that directory to your PATH if you want openssl to resolve to the Homebrew build by default.
OpenSSL version command flags
The openssl version command accepts several flags that reveal more about your installation. The most useful is -a, which combines them all:
openssl version -a
- -a — All information (the same as setting every flag below).
- -v — The version number only (this is the default output).
- -b — The date the installed version was built.
- -o — Option information: build-time options set in the library.
- -f — Compilation flags (the compiler flags used to build OpenSSL).
- -p — The platform (build target) setting.
- -d — The OPENSSLDIR setting: where OpenSSL looks for its configuration file and certificates.
- -e — The ENGINESDIR setting: where engine modules are stored.
- -m — The MODULESDIR setting: where provider modules are stored (OpenSSL 3.0 and later).
To print the usage message for the sub-command, run openssl version -help. (Note: this sub-command uses single-letter flags only, there are no long options such as –full or –purpose.)
Understanding the version output
The output follows the format OpenSSL <version> <date>, for example OpenSSL 3.5.6 4 Nov 2025:
- OpenSSL — the product name (this is where you would see LibreSSL on a stock Mac).
- <version> — the version number, written as major.minor.patch (e.g. 3.5.6). The first number marks major releases, the second a feature release, and the third a patch (security/bug-fix) release.
- <date> — the release date of that version, which tells you how recent your build is.
Is your version still supported? As of 2026, OpenSSL 3.5 is the current long-term support (LTS) release, maintained until April 2030. The previous LTS, OpenSSL 3.0, receives security fixes only until September 7, 2026. OpenSSL 1.1.1 reached end of life in September 2023, if openssl version reports 1.1.1 or older, you are running an unsupported, unpatched version and should upgrade as soon as possible.
How to update to the latest OpenSSL version
Update OpenSSL on Linux
Use your distribution’s package manager. On Debian/Ubuntu:
sudo apt update
sudo apt upgrade openssl
On RHEL/CentOS/AlmaLinux/Rocky/Fedora:
sudo dnf upgrade openssl
Note that package managers install the version packaged for your distribution, which may trail the very latest upstream release but still receives backported security fixes.
Update OpenSSL on Windows
- Download the latest installer from the OpenSSL for Windows website.
- Run the installer and follow the on-screen steps. For a full walkthrough, see our guide on how to install OpenSSL on Windows.
Update OpenSSL on macOS
The simplest and safest method is Homebrew:
brew update
brew upgrade openssl@3
If you prefer to build from source (advanced), download the latest release from the official OpenSSL source page, then extract and build it. Replace 3.5.6 with the current version shown on that page:
tar -xzvf openssl-3.5.6.tar.gz
cd openssl-3.5.6
./config
make
make test
sudo make install
Two important cautions: OpenSSL’s configuration script is ./config (or ./Configure) — it is not the standard ./configure. And on macOS, running sudo make install can shadow the system LibreSSL and break tools that rely on it, so Homebrew is strongly recommended over a source install unless you know you need it.
Frequently Asked Questions
Because Apple replaced OpenSSL with LibreSSL as the built-in command-line tool on macOS. The system openssl command therefore reports a LibreSSL version. To use genuine OpenSSL, install it with Homebrew (brew install openssl@3) and run it from its keg path, such as /opt/homebrew/opt/openssl@3/bin/openssl.
Because patch releases come out regularly, always check the official OpenSSL source page for the exact current version.
Compare the version from openssl version against the supported releases. OpenSSL 1.1.1 and earlier are end of life (no security fixes) and OpenSSL 3.0 receives security-only fixes until September 7, 2026. If you are on an end-of-life branch, you are exposed to unpatched vulnerabilities and should upgrade to a supported release such as 3.5 LTS.
Not always. The openssl command is the command-line interface to a TLS/crypto library, but on some systems (notably macOS) that command is provided by LibreSSL. Run openssl version to confirm which library, and which version, you actually have.
Bottom line
Checking your OpenSSL version takes a single command — openssl version — on Linux, Windows, and macOS, with openssl version -a giving the full picture. Keeping OpenSSL current protects your system against known vulnerabilities and keeps it compatible with the software that relies on it. To learn more about the toolkit itself, read our guide on what OpenSSL is, or explore our SSL tools for related certificate tasks.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

