Support |  Community Participation |  FAQ |  Request Tracker |  Donations |  Funding |  Consulting |  Acknowledgments 



Does your company use the OpenSSL toolkit and need some help porting it to a new platform? Do you need a new feature added? Are you developing new cryptographic functionality for your product?

Even if you have experienced in-house software development personnel you may find that the OpenSSL team can provide cost-effective solutions to your OpenSSL related challenges. No one knows OpenSSL like the people who write and maintain it and work with it every day. Also, the income they earn though their paid consulting work supports their unpaid work on OpenSSL, so by hiring OpenSSL team members you are not only solving your own problems but also helping to ensure the long term viability of the OpenSSL product.

While our passion is open source, part of that passion is seeing our software widely used. We understand the requirements of commercial industry and will work under and respect appropriate non-disclosure agreements.

OpenSSL team members have recently performed or are currently performing the following work. Those sponsors willing to be identified are shown in parentheses:

  • RFC3850, RFC3851, RFC3852 and RFC3394: CMS support (2008)

  • RFC3280 and PKITS compliance (Google, 2008)

  • RFC4507bis: stateless session resumption (Google, 2007)

  • CryptoAPI ENGINE support (2008)

  • RFC3546: OCSP stapling (2007)

  • Open source based FIPS 140-2 validation (Symantec and others, 2008-2010)

  • Change letter for validation #1051 to support cross-compilation (Opengear, 2010)

  • Change letter for validation #1051 to support newer 64 bit Windows (2010)
We have extensive experience in obtaining FIPS 140-2 validations for OpenSSL based cryptographic modules. We can assist you in utilising the open source based validated module (#1051), we can obtain a change letter modification to that validated module to suit your specific circumstances, or we can obtain a complete new validation with your company as the vendor of record. We can provide a complete turnkey service handling all arrangements with the test labs and CMVP, or we can work with your existing test lab. If you are not familiar with the validation and change letter process give us a call; you may well find that the cost of obtaining FIPS 140-2 validation status for the OpenSSL based software you currently use is less than the cost of a license for a commercial equivalent.

All of our commercial work is performed under formal contracts with fully specified deliverables, conventional milestones and deadlines, progress reporting, and invoicing -- no PayPal payments to some unknown pseudonym.

Since we consider all sources of financial support to be OpenSSL sponsors and patrons, clients purchasing any of our commercial services will at their discretion be identified and credited in several formats such as our acknowledgments page, in the source distribution release notes, and in mailing list announcements.

For further information please contact the OpenSSL Software Foundation.