Step 1: Open Terminal or Command Prompt

First, open the terminal on your system. This applies to all operating systems, including Linux, macOS, and Windows.

Step 2: Execute the OpenSSL Version Command

To check the installed OpenSSL version, run the following command:

openssl version

The command will return output similar to this:

OpenSSL 1.1.1k  25 Mar 2021

Here, 1.1.1k is the version number, and 25 Mar 2021 is the release date.

The output shows the OpenSSL version designation and the date of its initial release:

We can break down the version format to get valuable insight. Additionally, using flags helps structure the data. The sections below explain how to understand the version information in detail and how to use flags to format the data.

Understanding the OpenSSL Version Format

The version information format provides a lot of information. The position of the numbers represents the release type:

• Major Releases. You can recognize a major release if the first digit changes. This type of release can break compatibility with previous versions, for example, 2.0.0 vs. 3.0.0.
• Minor Releases. A minor release changes the second number of the version designation, e.g., 3.0.0 vs. 3.1.0. These releases are likely to contain new features; however, they should not break binary compatibility. You do not need to recompile applications to benefit from them.
• Patch Releases. A patch release changes the final number in the version, fe.g., 3.0.0 vs. 3.0.1. It only contains bug and security fixes, and the API and ABI remain compatible across patch releases.
  

  OpenSSL Version Command: Flags

  There are several flags that modify the openssl version command output.

  The -help flag lets you see an overview of all valid options for the openssl version command:

  openssl version -help

  

  The output shows the options that allow you to narrow down your search. The option that provides the most comprehensive set of information is:

  openssl version -a

  The -a flag compiles all the information contained under the individual flags into a single output:

  

  This option is convenient when troubleshooting or composing a bug report.

  The OPENSSLDIR line tells you where OpenSSL looks for its configurations and certificates. You can print that specific line by specifying the -d flag:

  openssl version -d

  

  In the example above, the configuration files and certificates are located at /usr/lib/ssl.

  If you specify the -c flag, the command provides CPU information that indicates which cryptographic operations or optimizations OpenSSL can take advantage of based on your CPU’s capabilities. For example:

  

  In the example above:

  • 0xc2da2203478bffff represents a set of 64 bits, each corresponding to a specific CPU feature or capability.
  • 0x842509 represents additional CPU features or optimizations specific to OpenSSL.

  OpenSSL uses this information to detect certain CPU capabilities that can be used to optimize cryptographic operations.

Check OpenSSL Version on Different Operating Systems

Depending on your operating system, the method to check the OpenSSL version might slightly vary. Below are commands specific to popular OS environments:

1. Ubuntu/Debian

For Ubuntu or Debian-based systems, use:

sudo apt list --installed | grep openssl

This will list the installed OpenSSL version.

2. CentOS/RHEL

On CentOS or RHEL, check with:

rpm -q openssl

This command queries the installed OpenSSL package.

3. macOS

If you’re on macOS, especially with Homebrew, use:

brew info openssl

This will provide details about the OpenSSL installation.

4. Windows

For Windows users, first, find the OpenSSL installation path:

where openssl

Navigate to the directory and run:

openssl version

Why Checking Your OpenSSL Version is Important

Keeping your OpenSSL version up-to-date ensures compatibility with the latest security protocols and reduces vulnerabilities. Make sure to regularly check and update OpenSSL.