OpenSSL in the Wild (2025)

In June we asked OpenSSL users to complete a short survey. Of the 54 responses, 39 reported where they were in the world. Since this was our first survey, the sample is not as representative as we’d like. While the OpenSSL Library has a global presence, few people know that it exists or what it does. Our survey respondents are among the rare who do.

The survey provided four categories of use cases to select from. Since 33 respondents listed more than one reason, the counts add up to well over 54. Our sample shows a fairly even distribution of use cases.

Why do you use OpenSSL? count TLS/SSL, DTLS or QUIC protocols included in libssl 34 Cryptography algorithms included in libcrypto 31 Some other software has it as a dependency 31 The command line interface 28 Other 21

The survey included space for people to leave free responses so that people could be more specific. We heard from:

• Corey Minyard, the maintainer of ser2net which allows serial port devices to be accessed via the internet. Because it uses the OpenSSL Library (via the gensio framework), these connections can be protected by TLS/SSL.
• Igor Micev, a Cloud Automation Engineer at Broadcom uses encryption algorithms from the OpenSSL Library to keep the data their clients handle secure. They rely heavily on SSL certificates to encrypt data in transit.
• Another maintainer, of Squid Proxy, commented that Squid users expect HTTPS support and they have been using OpenSSL Library to provide that function.
• Michael Wojcik at Rocket Software was part of a team that built a TLS interface for COBOL programs.

Finally we asked about which version of the OpenSSL Library our respondents use. In all 22 respondents selected more than one version because they are supporting multiple OpenSSL releases.

While the majority of reported revisions are in the 3.X line, some are still on end-of-life versions (1.0.2 and 1.1.1). Since 3.5 had only been out a short time in June, we can expect some of the people using 3.1 through 3.5 have migrated to the latest release since they were surveyed.

A big thank you to everyone who participated this year. Next year we’d like to take what we learned about running the survey to get more representative results. In the meantime, we’ve left the OpenSSL in the Wild survey open, if you’d like to leave your feedback.