top of page

FireDaemon OpenSSL

OpenSSL Binary Distributions for Microsoft Windows

About OpenSSL

OpenSSL Binary Distributions for Microsoft Windows

OpenSSL is a popular open-source, publicly available software library that provides a robust, full-featured set of cryptographic functions and tools to secure communications over computer networks. When we build and ship FireDaemon Certify One, FireDaemon Fusion, and FireDaemon Lozenge we try to ensure they contain the most recent version of OpenSSL. We thought it would be useful to make our OpenSSL Binary Distributions (in EXE installer and ZIP file formats) available to you to download and use free of charge.

 

The key advantages of using FireDaemon OpenSSL over others that are available are:

  • No need to deploy various software tools to attempt to compile the source from scratch. Our build script is available if you do want to compile OpenSSL yourself

  • No external dependencies. Installing or distributing the Visual C++ Redistributable Runtime (MSVC) is unnecessary. There is an implicit dependency on the Windows Universal C Runtime (UCRT), but that is included in all modern versions of Microsoft Windows by default

  • Packaged for simple deployment and use case scenarios, including standalone, embeddable, deployable, or portable

  • Recommended for users and software developers by 

  • The installers and binaries are digitally signed with our Sectigo Extended Validation (EV) code signing certificate to prevent Windows SmartScreen warnings and to enable you to validate binary integrity, meeting your compliance requirements

  • The installers are submitted to VirusTotal to ensure they are virus and malware free.

Download

Below you will find pre-compiled OpenSSL executables and libraries for Microsoft Windows Operating Systems packaged as EXE installers and ZIP files. OpenSSL can be used standalone or integrated into any Windows application. The installers, EXEs and DLLs are digitally signed with our Extended Validation (EV) code signing certificate.

We do not have an EAR CCL ECCN. This is intentional. You must seek independent legal advice before using/integrating/exporting our OpenSSL installers and ZIP files in your product if you believe you are subject to export controls.

Please use the latest 4.0, 3.6, 3.5 LTS, or 3.0 LTS release. 1.1.1 is end-of-life.

We no longer supply OpenSSL 3.1, 3.2, 3.3, and 3.4 binaries.
OpenSSL 1.0.2zp, 1.1.1zg or later are only available to OpenSSL customers who have a Premium Support Contract.
OpenSSL maintains a list of 3rd-party maintained binary distributions of OpenSSL.
Please review our Release Policy before downloading and using this distribution.

Download FireDaemon OpenSSL free from our download page.

To calculate or verify the SHA2-256 checksums, please use FireDaemon Lozenge.

Installing OpenSSL

Windows Installer

You can download the Windows installers from our download page. Installation is straightforward. OpenSSL is installed into the following file system locations, which is specified during the build and follow OpenSSL's conventions.

You can silently install OpenSSL with the following command in an elevated command prompt (noting APPDIR and ADJUSTSYSTEMPATHENV are optional):

The installer wizard language text is available in various languages. The installer wizard text will be displayed in the same language as your display language. If your display language is not available, the installer wizard will be displayed in English. If you need the installer wizard text to be displayed in a specific language, use one of the command lines below.

You can silently uninstall OpenSSL with the following commands:

Winget Package Manager

Instead of downloading and installing the Windows Installer, you can use the Microsoft package manager called winget. Winget is built into Windows 10, 11, and Server 2025 or can be installed manually. To install FireDaemon OpenSSL, open a command prompt on your computer, then:

ZIP File

Instead of using the installer or package manager, you can download one of the ZIP files from our download page.

  1. Follow the instructions below if you have downloaded one of the ZIP files and want to deploy OpenSSL manually (e.g. on the local hard disk or a USB drive for a portable installation).

  2. Download the appropriate FireDaemon OpenSSL Binary Distribution ZIP file from our download page.

  3. Unpack the contents of the folder found in the ZIP file to a temporary directory (e.g. C:\Temp).

  4. Copy the contents (i.e. the files and directories contained within) of the x64 folder or x86 folder to your target directory (e.g. C:\OpenSSL).

  5. Copy the ssl folder and contents to the target directory (e.g. C:\OpenSSL).

 

The commands to copy the files correctly from the location where you unpacked the ZIP file (assuming C:\Temp) are as follows:

Your directory structure should look as follows:

To use OpenSSL, open an elevated Command Prompt (adjusting the path in OPENSSL_HOME to suit your manual installation):

Create Self-Signed X.509 Certificate

To create a self-signed X.509 certificate and post-quantum ML-DSA-87 FIPS 204 private key using the same environment variables as above:

FireDaemon OpenSSL 4 Command Line – certificate signing request in an elevated PowerShell
OpenSSL

OpenSSL Documentation

Please refer to OpenSSL's documentation at docs.openssl.org.

FireDaemon slapp-kit C++ Library

FireDaemon slapp-kit is a free, open-source C++ library that makes it easy to work with OpenSSL and SQLite databases.

Checking SSL/TLS Certificate Validity with FireDaemon Certify One

FireDaemon Certify One allows you to audit, check, inspect, and validate SSL/TLS certificates and certificate chains. Fortify also has a browser-based TLS Encryption Check Tool available.

Compiling OpenSSL From Source

Release Policy

Whenever we release an updated version of FireDaemon Fusion, FireDaemon Certify One, or OpenSSL gets updated with security fixes or features, we will provide the latest tagged version of the OpenSSL stable branch. The currently deployed OpenSSL library commit versions are listed underneath the download links on our download page. Commit is described viz:

Source

We directly pull from OpenSSL's official GitHub repository.

FireDaemon OpenSSL Build Scripts & Compilation Tools

The FireDaemon OpenSSL Build Scripts rely on the following software development tools:

Basic Compilation Instructions

To compile OpenSSL from source using our build scripts:

  1. Install the tools listed above. When installing Visual Studio install:

    1. Workload: "Desktop development with C++"

    2. Individual Components: "MSVC Build Tools for ARM64/ARM64EC (Latest)"

  2. Download our build scripts and unpack them into the directory of your choice.

  3. Open a CMD Prompt then cd "c:\<UnpackLocation>\mkopenssl"

  4. If you have a code signing certificate update the :sign-and-collect section in your chosen script below.

  5. Choose which build script to use and run it directly:

    1. mkopenssl-4 builds OpenSSL 4.0.x

    2. mkopenssl-3 builds OpenSSL 3.6.x

    3. mkopenssl-3.x builds the latest OpenSSL 3.x.x

    4. mkopenssl-3.0-hybridcrt builds OpenSSL 3.0.x

    5. mkopenssl-3.5 builds OpenSSL 3.5.x

    6. mkopenssl-1.1.1-hybridcrt builds OpenSSL 1.1.x

The actual command line to build OpenSSL is as follows (where %toolset% is VC-WIN32-HYBRIDCRT and VC-WIN64A-HYBRIDCRT, respectively). Adjust the scripts if you need to add or remove features from OpenSSL.

Integrating OpenSSL with Your Visual Studio Project

You must configure your project's properties to use the headers and libraries in FireDaemon OpenSSL in your Visual Studio project.

Sample Project

We have included sample Visual Studio Project in the OpenSSL 3 ZIP files. The sample projects can be found in the "projects" folder.

Additional Include Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\include"; to Property Pages → C/C++ → General → Additional Include Directories in your project per the screenshot below, adjusting the prepended path to suit your installation. In our case, we use a pre-defined User Macro called OpenSslIncludeDir. You can also specify this path on the command line:

Property Pages → C/C++ → General → Additional Include Directories
Set Include Path

Additional Library Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\lib"; to Property Pages → Linker → General → Additional Library Directories in your project per the screenshot below, adjusting the prepended path to suit your installation. In our case, we use a pre-defined User Macro called OpenSslLibraryDir. You can also specify this path on the command line:

Property Pages → C/C++ → General → Additional Include Directories
openssl-vs-library-directories

Additional Dependencies

Prepend libcrypto.lib;libssl.lib; to Property Pages → Linker → Input → Additional Dependencies in your project per the screenshot below. You can also specify this on the command line:

Property Pages → Linker → Input → Additional Dependencies
openssl-vs-additional-dependencies

Basic Troubleshooting

If you run into issues compiling or linking FireDaemon OpenSSL, please review the tips below to help you debug your project:

  • Ensure you have set up your Visual Studio project correctly per the previous section.

  • When compiling OpenSSL yourself, ensure you choose the correct target platform. For example, ./configure <toolset> where <toolset> can be triplets including VC-WIN64A and Cygwin-x86_64. The complete list of toolsets can be found by typing perl ..\configure LIST.

  • Verify that the versions of libssl.lib and libcrypto.lib are correct by using dumpbin.exe, which is available in the Windows SDK. dumpbin /ALL libssl.lib should refer to libssl-3.dll. dumpbin /ALL libcrypto.lib should refer to libcrypto-3.dll.

  • Use /VERBOSE when linking to verify the libraries found and used by the linker.

  • Use Dependencies to verify the dependencies of your built executable.

  • Ensure you build, rebuild, or clean your project to avoid stale dependencies, outdated object files, and other artifacts and detritus that may have accumulated in your project.

  • Double-check, then triple-check your compiler and linker command line to ensure your project is not referring to folders or directories that may contain other versions of OpenSSL libs and DLLs.

  • Use pre-defined User Macros in your project to ensure you explicitly reference the correct OpenSSL include, lib, and bin directories (e.g. OpenSslIncludeDir, OpenSslLibDir, OpenSslBinDir).

FireDaemon Software Development Services

We offer paid commercial software development services to assist you in building and integrating OpenSSL into your project or product. Please contact us for rates and availability.

Privilege Escalation Mitigation

When building OpenSSL, the build scripts bake the default location of the library (i.e. the installation directory) and the SSL configuration into the final product. By default, OpenSSL automatically loads the SSL configuration file from the default file system location. This leads to an easily exploitable privilege escalation scenario documented in CVE-2019-12572. Our build of OpenSSL mitigates this flaw using the following preventative measures:

​​

  • The target directories we have chosen are Windows' default system program files directories, assuming a 64-bit architecture with a shared configuration file directory common to both x64 and x86:

    • x64: C:\Program Files\FireDaemon OpenSSL 3, C:\Program Files\Common Files\FireDaemon SSL 3

    • x86: C:\Program Files (x86)\FireDaemon OpenSSL 3, C:\Program Files\Common Files\FireDaemon SSL 3

 

  • To mitigate security issues even on non-default installations, we build the library so that it doesn't automatically load the SSL configuration. Hence, when using the OpenSSL tools or the DLLs in your products, you have to explicitly load the SSL configuration.

 

  • All FireDaemon software products that utilise OpenSSL initialise the OpenSSL library at runtime using a flag that prevents the loading of the default configuration.

Compatibility and Support Matrix

​The table below provides a compatibility and support matrix, mapping compatible Microsoft Windows operating system versions to specific FireDaemon OpenSSL software versions.

(1) Windows Desktop Operating System is End of Support
(2) Windows Server Operating System is End of Support

✅ Compatible / Supported

The software is designed to be installed on the Microsoft Windows operating system. We actively support the operating system version plus software version combination, provided that the 32-bit (x86) version is deployed on a 32-bit (x86) operating system and the 64-bit (x64) version is deployed on a 64-bit (x64) operating system. Please see the License, Warranty, and Support section below.

⚠️ Compatible / Unsupported

The software product can be installed on the Microsoft Windows operating system. We do not support the operating system version plus software version combination. This is typically due to the operating system version reaching End of Support.

❌ Incompatible / Unsupported

The software product should not or does not install or work on the Microsoft Windows operating system. We do not support the operating system version plus software version combination.

Export Controls

We do not have an EAR CCL ECCN. This is intentional. You must seek independent legal advice before using/integrating/exporting our OpenSSL installers and ZIP files in your product if you believe you are subject to export controls.

License, Warranty, and Support

Our OpenSSL Binary Distribution is free to use and redistribute. Product use, redistribution, and warranty are governed by the OpenSSL License.

Buy SSL/TLS Certificates

Buy SSL/TLS Certificates from SSL.com →

Buy TLS SSL Certificates

Join the OpenSSL Communities

For OpenSSL questions, feature requests, bug reports, or implementation help, join the OpenSSL Communities at openssl-communities.org.

OpenSSL_Communities.png

Acknowledgments

This product includes:

bottom of page