- OpenSSL 0.9.1c 23-Dec-1998
-
- Copyright (c) 1998 The OpenSSL Project
- Copyright (c) 1995-1998 Eric Young
+ Copyright (c) 1998-2018 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
+ DESCRIPTION
+ -----------
+
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
- Transport Layer Security (TLS v1) and Secure Sockets Layer (SSL v2/v3)
- protocols with full-strength cryptography world-wide. The project is managed
- by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL tookit and its related documentation.
-
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
- and Tim J. Hudson. The OpenSSL toolkit is licensed under a BSD-style licence,
- which basically means that you are free to get and use it for commercial and
- non-commercial purposes.
-
- The package includes:
-
- libssl.a:
- Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
- both SSLv2, SSLv3 and TLSv1 in the one server.
-
- libcrypto.a:
- General encryption and X.509 stuff needed by TLS/SSL but not actually
- logically part of it. It includes routines for the following:
-
- Ciphers
- libdes - EAY's libdes DES encryption package which has been floating
- around the net for a few years. It includes 15
- 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
- cbc, cfb and ofb; pcbc and a more general form of cfb and
- ofb) including desx in cbc mode, a fast crypt(3), and
- routines to read passwords from the keyboard.
- RC4 encryption,
- RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
- Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
- IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
-
- Digests
- MD5 and MD2 message digest algorithms, fast implementations,
- SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is polular on smart cards.
-
- Public Key
- RSA encryption/decryption/generation.
- There is no limit on the number of bits.
- DSA encryption/decryption/generation.
- There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
- There is no limit on the number of bits.
-
- X.509v3 certificates
- X509 encoding/decoding into/from binary ASN1 and a PEM
- based ascii-binary encoding which supports encryption with a
- private key. Program to generate RSA and DSA certificate
- requests and to generate RSA and DSA certificates.
-
- Systems
- The normal digital envelope routines and base64 encoding. Higher
- level access to ciphers and digests by name. New ciphers can be
- loaded at run time. The BIO io system which is a simple non-blocking
- IO abstraction. Current methods supported are file descriptors,
- sockets, socket accept, socket connect, memory buffer, buffering, SSL
- client/server, file pointer, encryption, digest, non-blocking testing
- and null.
-
- Data structures
- A dynamically growing hashing system
- A simple stack.
- A Configuration loader that uses a format similar to MS .ini files.
-
- Programs in this package include:
-
- enc - a general encryption program that can encrypt/decrypt using
- one of 17 different cipher/mode combinations. The
- input/output can also be converted to/from base64
- ascii encoding.
- dgst - a generate message digesting program that will generate
- message digests for any of md2, md5, sha (sha-0 or sha-1)
- or mdc2.
- asn1parse - parse and display the structure of an asn1 encoded
- binary file.
- rsa - Manipulate RSA private keys.
- dsa - Manipulate DSA private keys.
- dh - Manipulate Diffie-Hellman parameter files.
- dsaparam- Manipulate and generate DSA parameter files.
- crl - Manipulate certificate revocation lists.
- crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
- x509 - Manipulate x509 certificates, self-sign certificates.
- req - Manipulate PKCS#10 certificate requests and also
- generate certificate requests.
- genrsa - Generates an arbitrary sized RSA private key.
- gendh - Generates a set of Diffie-Hellman parameters, the prime
- will be a strong prime.
- ca - Create certificates from PKCS#10 certificate requests.
- This program also maintains a database of certificates
- issued.
- verify - Check x509 certificate signatures.
- speed - Benchmark SSLeay's ciphers.
- s_server- A test SSL server.
- s_client- A test SSL client.
- s_time - Benchmark SSL performance of SSL server programs.
- errstr - Convert from SSLeay hex error codes to a readable form.
-
-To install this package, read the INSTALL file.
-For the Microsoft world, read INSTALL.W32 file.
-
-For people in the USA, it is possible to compile SSLeay to use RSA Inc.'s
-public key library, RSAref. From my understanding, it is claimed by RSA Inc.
-to be illegal to use my public key routines inside the USA. Read
-doc/rsaref.doc on how to build with RSAref.
-
-Read the documentation in the doc directory. It is quite rough, but it lists
-the functions, you will probably have to look at the code to work out how to
-used them. I will be working on documentation. Look at the example programs.
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.
+
+ The OpenSSL toolkit is licensed under the Apache License 2.0, which means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill its conditions.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl (with platform specific naming):
+ Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto (with platform specific naming):
+ Provides general cryptographic and X.509 support needed by SSL/TLS but
+ not logically part of it.
+
+ openssl:
+ A command line tool that can be used for:
+ Creation of key parameters
+ Creation of X.509 certificates, CSRs and CRLs
+ Calculation of message digests
+ Encryption and decryption
+ SSL/TLS client and server tests
+ Handling of S/MIME signed or encrypted mail
+ And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+ INSTALL Linux, Unix, Windows, OpenVMS, ...
+ NOTES.* INSTALL addendums for different platforms
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Download the latest version from the repository
+ to see if the problem has already been addressed
+ - Configure with no-asm
+ - Remove compiler optimization flags
+
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
+
+ - OpenSSL version: output of 'openssl version -a'
+ - Configuration data: output of 'perl configdata.pm --dump'
+ - OS Name, Version, Hardware platform
+ - Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
+
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.