You are choosing a TLS and cryptography library for a new service, hardening a distribution, or auditing what your servers already link against. Three names dominate the conversation: OpenSSL, LibreSSL, and BoringSSL. They share ancestry but serve different masters—general-purpose infrastructure, OpenBSD-style integration, and Google's embed-only model.
This guide compares them across the decisions that matter to operators and developers: stability guarantees, FIPS, distribution packaging, API surface, and who each project says should use it. The tables below are distro-neutral; a short tested section at the end shows how to verify your own host with real command output.
Quick answer: which one should you pick?
| Your situation | Choose |
|---|---|
| Default Linux server, package-managed nginx/curl, commercial support | OpenSSL (what your distro ships) |
| Building or maintaining an OpenBSD-based OS or portable LibreSSL stack | LibreSSL (with eyes open on API gaps) |
| Shipping Chrome-scale software that vendors its own TLS and updates weekly | BoringSSL (static link, live at head) |
| Need FIPS 140-3 validated module on Linux | OpenSSL 3 FIPS provider (validated build), not LibreSSL/BoringSSL |
| “I want a drop-in libssl.so swap on my distro” | Neither alternative — stay on distro OpenSSL |
If you install software only from your distribution and run standard daemons, you are almost certainly already on OpenSSL. The comparison below explains when deviating is rational—and when it will fight your distribution.
One-line identity of each library
| Library | Maintainer | Stated purpose (from official docs) |
|---|---|---|
| OpenSSL | OpenSSL Software Foundation | General-purpose TLS, crypto, CLI tools, libraries (libcrypto, libssl), provider architecture, optional FIPS module |
| LibreSSL | OpenBSD / portable team | Fork of OpenSSL 1.0.1g to modernize, simplify, and harden; primary on OpenBSD, portable builds for other OSes |
| BoringSSL | Fork tuned for Google products (Chrome, Android internals); not intended for general third-party use |
Comparison by decision area
Intended audience and support model
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| Who it is for | Everyone: OS vendors, servers, apps, hardware vendors | OS integrators (especially OpenBSD), projects that accept relinking | Google embedders (Chromium, Android platform code) |
| Third-party use | Explicitly encouraged | Supported via portable tarballs; not ABI-stable with OpenSSL | Discouraged in README: “likely to be frustrating” |
| Update model | Semver-style releases, LTS branches, security advisories | Regular stable + development releases on libressl.org | “Live at head”; tags are snapshots, not stability milestones |
| Commercial support | Available (vendors, consultants) | Community / OS vendor | None for external products |
Official wording matters:
- BoringSSL's README states it is not intended for general use, as OpenSSL is and that there are “no guarantees of API or ABI stability.”
- LibreSSL's portable README states it is not ABI compatible with any release of OpenSSL and that “OpenSSL 3 API is not currently supported.”
- OpenSSL's strategic architecture document describes a long-term provider-based design aimed at broad ecosystem migration.
API, ABI, and OpenSSL 3 providers
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| API lineage | OpenSSL 1.1.1 → 3.x with providers | Much of OpenSSL 1.1 API; no OpenSSL 3 provider API | OpenSSL-derived; removed/changed APIs |
| ABI stability | Stable within major (3.x) for distributors | Must relink; version bumps track ABI changes | None promised; consumers pin git revisions |
| Provider / engine model | OpenSSL 3 providers (default, legacy, FIPS); engines still supported in 3.0 | No OpenSSL 3 provider stack | No provider model; simplified internals |
| Porting effort | Baseline | Moderate—drop removed ciphers/APIs | PORTING.md for OpenSSL code; ongoing merge cost |
OpenSSL 3 split algorithms into loadable providers (default, legacy, FIPS). That is how FIPS-validated crypto coexists with non-validated algorithms in one libcrypto. LibreSSL and BoringSSL do not offer that model; they integrate a single curated implementation per release.
FIPS and compliance
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| FIPS 140-3 module | Yes — OSSL_PROVIDER-FIPS (validated versions listed on openssl.org) |
No FIPS module in the OpenSSL sense | No public FIPS validation path for embedders |
Property queries (fips=yes) |
Supported in OpenSSL 3 | N/A | N/A |
| Typical regulated workloads | Banks, gov, vendors ship OpenSSL FIPS builds | Rare; not the usual compliance path | Not chosen for FIPS compliance |
If procurement requires a validated module, OpenSSL 3's FIPS provider is the only one of these three with an official, documented FIPS program. You still must build from a validated version and run mandated self-tests on each deployment.
Algorithms, TLS versions, and cipher breadth
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| Legacy algorithms | Available via legacy provider (DES, IDEA, etc.) | Removed or avoided by policy | Stripped aggressively |
| Modern TLS | TLS 1.2 / 1.3 (config-dependent) | TLS 1.2 / 1.3 (release-dependent) | Curated for Chrome/Android needs |
| Cipher breadth | Largest catalog; legacy optional via provider | Smaller set by design | Smaller, opinionated set |
LibreSSL's project policy is to avoid adding ciphers without strong justification. BoringSSL removes unused OpenSSL surface. OpenSSL keeps the broadest menu, including legacy via a separate provider.
Command-line tools and developer experience
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
openssl CLI |
Full toolkit (req, x509, s_client, pkcs12, …) |
Ships openssl(1) and utilities (nc, ocspcheck) on OpenBSD |
No general-purpose operator CLI for production use |
| Documentation | openssl.org man pages, extensive wiki | Man pages on OpenBSD; portable README | API headers + PORTING.md / INCORPORATING.md |
| Learning resources | Largest ecosystem (tutorials, distros, books) | Smaller; overlaps with OpenBSD docs | Aimed at Chromium contributors |
For day-to-day certificate work, OpenSSL cheat sheet and view certificate assume the OpenSSL CLI.
Distribution packaging on Linux
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| Mainstream distros (Debian, Ubuntu, RHEL, Fedora, SUSE, Arch) | Default system TLS stack; openssl package + libssl shared library |
Not the default system libssl on these distros |
Not offered as a system TLS replacement |
| OpenBSD | Not used in base | Native TLS and openssl(1) |
Not used in base |
| Alpine Linux | Default (openssl / libssl3) |
Available in community (libressl) but not the default musl userspace stack |
Not packaged for system TLS |
| Void, Gentoo, source-based | Common default or easy option | Optional; integrator chooses | Rare; vendored in specific upstreams only |
| Safe system-wide swap? | N/A (baseline on most distros) | No on OpenSSL-based distros — breaks linked binaries | No — not designed as distribution libssl |
The pattern is consistent: Debian-family, RHEL-family, and most enterprise Linux images standardize on OpenSSL 3.x today. LibreSSL appears as the base system on OpenBSD and as an optional path on a few distributions—not as a drop-in replacement you enable with one package swap. BoringSSL is consumed inside Chromium, Android platform builds, and similar embedders; it is not what nginx or curl link when you install from mainstream repos.
Performance and footprint
| Area | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| Tuning | Widely benchmarked; hardware engines/providers | Leaner codebase; fewer algorithms | Optimized for Google workloads |
| Typical goal | Broad compatibility + optional acceleration | Smaller attack surface | Minimum latency/size inside Chrome |
Micro-benchmarks vary by CPU and build flags. For most teams, packaging and API stability dominate more than raw openssl speed numbers.
Licensing
| Library | License (check current release) |
|---|---|
| OpenSSL | Apache License 2.0 (since 3.0) |
| LibreSSL | ISC / BSD-style (OpenBSD project) |
| BoringSSL | OpenSSL + ISC dual licensing (see BoringSSL LICENSE) |
Always read the LICENSE file in the exact version you ship.
How to see what your host uses
Run these on any Linux machine—adjust the package-manager line for your distro (rpm -q openssl on RHEL, apk info openssl on Alpine, and so on):
openssl version -a | head -4
openssl list -providers
ldd "$(which curl)" | grep -E 'ssl|crypto'
openssl ciphers -v 'ALL' | wc -l
which libressl 2>/dev/null || echo "no libressl binary on PATH"On OpenSSL 3.x systems, openssl list -providers shows loaded providers (typically default; FIPS and legacy appear only when installed and configured). ldd on curl, nginx, or ssh reveals the actual libssl.so SONAME your userspace links—not what you assume from the distro name alone.
Example: commands tested on Ubuntu 25.04
The following is one real run on Ubuntu 25.04 to illustrate what a typical Debian-family desktop/server looks like. Your versions and package names will differ on RHEL, Fedora, Arch, or Alpine—use the generic commands above on your own host.
Tested on: Ubuntu 25.04 (Plucky Puffin); kernel 6.14.0-37-generic; OpenSSL 3.4.1.
openssl version -a | head -6
dpkg -l openssl libssl3t64 | awk '/^ii/'
openssl list -providers
ldd "$(which curl)" | grep ssl
apt-cache search '^libressl' | head -3
apt-cache search boringssl | head -3Sample output from that Ubuntu host:
OpenSSL 3.4.1 11 Feb 2025 (Library: OpenSSL 3.4.1 11 Feb 2025)
OPENSSLDIR: "/usr/lib/ssl"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
ii openssl 3.4.1-1ubuntu4 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii libssl3t64:amd64 3.4.1-1ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
Providers:
default
name: OpenSSL Default Provider
version: 3.4.1
status: active
libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007ad523c6c000)
140(openssl ciphers -v 'ALL' | wc -l returned 140 on the same host. which libressl returned nothing. apt-cache search '^libressl' returned no system libssl replacement; boringssl matches only Android SDK-related packages—not a server TLS stack.)
That snapshot matches the mainstream pattern: OpenSSL 3 as system TLS, no LibreSSL on PATH, BoringSSL absent from server packaging. Alpine or OpenBSD would show different package names and possibly LibreSSL as the base library—always verify locally.
Deep dive: OpenSSL
OpenSSL is the default answer for Linux distributions, most language bindings, and hardware vendors. Version 3.x introduced:
- Providers — pluggable algorithm implementations (default, legacy, FIPS)
- EVP-centric API — applications fetch algorithms by name and properties
- Optional FIPS module — documented in
OSSL_PROVIDER-FIPS
The strategic architecture document describes a migration from engines toward providers while keeping well-behaved applications working across 3.x with a recompile.
When OpenSSL fits:
- You ship on Debian, Ubuntu, RHEL, Fedora, SUSE, Arch, or similar and want distribution security updates
- You need the
opensslCLI for CSRs, inspection, and PKCS#12 workflows - Compliance asks for a FIPS-validated OpenSSL build
- Third-party modules (nginx, PostgreSQL, Python
ssl) expect the distrolibsslSONAME
Distro-specific install notes: Install OpenSSL on Ubuntu, OpenSSL config paths.
Deep dive: LibreSSL
LibreSSL began as a fork of OpenSSL 1.0.1g after the Heartbleed era. The OpenBSD project wanted a smaller, auditable tree and stricter development discipline.
Official portable README points (paraphrased from source):
- Goal: modernize, improve security, apply OpenBSD practices
- Provides much of the OpenSSL 1.1 API; OpenSSL 3 API not supported
- Not ABI compatible with OpenSSL — programs must be relinked
- Does not add features lightly; removes legacy cruft
LibreSSL also ships libtls, a higher-level API for TLS clients/servers “designed to make it easier to write foolproof applications” (libressl.org).
When LibreSSL fits:
- You are building on OpenBSD or a product that already standardized on LibreSSL portable
- You control the full stack and can rebuild every TLS consumer
- You prefer a smaller algorithm set and reject OpenSSL's optional legacy surface
When it does not fit:
- You depend on OpenSSL 3 providers, FIPS module, or engines
- You need binary compatibility with your distribution's
libsslwithout rebuilding dependents - You want the widest third-party tutorial and Stack Overflow coverage
Deep dive: BoringSSL
BoringSSL is Google's maintained fork. Official README and PORTING.md stress:
- Designed for Google's needs (Chrome, Chromium, Android platform)
- Not intended for general use; third-party dependence is discouraged
- No stable API or ABI — embedders ship a private copy and update in lockstep
- Not suitable as a traditional Linux distribution system library (Chromium static-links; Android NDK does not expose it to apps)
INCORPORATING.md describes a “live at head” model: pin to latest revision, update often; release tags exist only for systems that require tarballs, not as stability promises.
When BoringSSL fits:
- You maintain a Chromium-like product with engineers to merge upstream weekly
- You can static-link and run continuous integration against BoringSSL HEAD
- You accept porting cost from OpenSSL APIs (see PORTING.md)
When it does not fit:
- You expect a distribution package to replace system TLS on a generic Linux server
- You need long-term ABI promises for plugins
- You want operator-facing
opensslcertificate workflows
Decision flowchart (text)
Need distro-packaged daemons (nginx, OpenSSH, curl) on mainstream Linux?
└─ Yes → OpenSSL (distribution default)
└─ No → Building entire OS on OpenBSD?
└─ Yes → LibreSSL (native)
└─ No → Shipping browser-scale app with owned TLS lifecycle?
└─ Yes → BoringSSL (vendored)
└─ No → OpenSSL (source or static build)Side-by-side summary table
| Criterion | OpenSSL | LibreSSL | BoringSSL |
|---|---|---|---|
| Default on mainstream Linux distros | Yes | No | No |
| Native on OpenBSD | No | Yes | No |
| General third-party use | Yes | Yes (with caveats) | No (officially) |
| OpenSSL 3 providers | Yes | No | No |
| FIPS 140-3 module | Yes (validated builds) | No | No |
| ABI stability for distros | Yes (3.x) | No | No |
openssl CLI for admins |
Yes | Partial / platform-specific | Not for ops |
System libssl replacement |
Baseline | Risky / rebuild required | Not supported |
| Best match | Servers, distros, compliance | OpenBSD ecosystems | Chrome/Android embedders |
Practical recommendations
Stay on OpenSSL if you run mainstream Linux, use distribution packages for daemons, or follow guides on this site (tutorial hub, cheat sheet). Security updates arrive through your distribution; fighting that buys little unless you own the entire stack.
Choose LibreSSL only as a deliberate platform decision—typically OpenBSD or a custom appliance where every binary is rebuilt against LibreSSL and you accept API differences from OpenSSL 3.
Do not choose BoringSSL for a generic Linux server or as a replacement for /usr/bin/openssl. Treat it as source you vendor inside a product that already follows Google's incorporation model.
If you are comparing OpenSSL commands rather than libraries, see openssl ca vs x509. For PKI concepts before picking a stack, read PKI, CA, CRL, and OCSP.
References
- OpenSSL project and strategic architecture
- OpenSSL 3.0 design (providers)
- OSSL_PROVIDER-FIPS
- LibreSSL and portable README
- BoringSSL README
- BoringSSL PORTING.md
- BoringSSL INCORPORATING.md
- On-site: Install OpenSSL on Ubuntu, OpenSSL config paths
Summary
OpenSSL is the practical default for Linux servers and applications on Debian, RHEL, Fedora, SUSE, Arch, and most other mainstream distributions: package managers ship it as the system TLS stack, and common daemons link the distro libssl SONAME. LibreSSL targets OpenBSD and integrators who want a slimmer fork of the OpenSSL 1.1-era API, explicitly without OpenSSL 3 providers or ABI compatibility with OpenSSL. BoringSSL is open source but aimed at Google embedders who static-link and track HEAD—official docs warn against third-party reliance and against using it as a distribution system library. Choose OpenSSL unless you control an entire platform stack (LibreSSL) or ship a Chromium-class product (BoringSSL). Run the inspection commands on your own host to confirm what you actually have before changing anything.

