Open-Source Wikis

/

OpenSSL

/

Maintainers and contributors

openssl/openssl

Maintainers and contributors

OpenSSL is governed by the OpenSSL Foundation (founded 2023, taking over from the OpenSSL Software Foundation Inc. that ran the project from 2014 onward) and developed by the Technical Committee plus a wider set of committers and reviewers. Day-to-day, code review on openssl/openssl happens on GitHub through the OTC (OpenSSL Technical Committee) and the larger committer pool.

Where to look first

  • The openssl/openssl GitHub repo's contributors tab shows recent activity.
  • AUTHORS.md and the per-area mailmap files in util/ document historical contributors.
  • .github/CODEOWNERS is intentionally minimal:
    /.github/workflows/ @quarckster
    Most areas don't have explicit codeowners — review is handled at the project level.

Most-active recent committers (last six months, HEAD = 3.6 dev branch)

Drawn from git log --since="6 months ago":

Author Commits Notable focus
Neil Horman 123 Build system, fuzzing, async, stability work
Bob Beck 108 Memory and threading, ASN.1 fixes, security
Eugene Syromiatnikov 96 Cleanups, errors, perlasm, demos
Matt Caswell 70 TLS / DTLS / record layer / state machine
Milan Broz 67 CI / build / release infrastructure
Tomas Mraz 58 Providers, FIPS, EVP, certificate stack
Dr. David von Oheimb 58 CMP / CRMF / X.509 / PKI semantics
Norbert Pocs 52 Test infrastructure
Viktor Dukhovni 48 Post-quantum, X.509, name matching
slontis (Shane Lontis) 42 FIPS, providers, KDFs
Simo Sorce 37 Providers, store, FIPS
Alexandr Nedvedicky 33 DTLS / QUIC bug-fixing
Igor Ustinov 31 (mostly platform fixes)
sftcd (Stephen Farrell) 29 ECH (Encrypted Client Hello)
kovan 28 Various
Joshua Rogers 28 Security and fuzzing
Daniel Kubec 26 Platform fixes
Richard Levitte 25 Build system, providers, doc
Frederik Wedel-Heinen 18 TLS
Dmitry Misharov 17 CI

Top areas-of-historical-influence

Looking at all-time git log commit counts:

Era Top contributors
1998-2010 (SSLeay → OpenSSL pre-1.0) Mark J. Cox, Ralf S. Engelschall, Dr. Stephen Henson, Bodo Möller, Lutz Jänicke, Andy Polyakov, Richard Levitte, Geoff Thorpe
2010-2018 (1.0 → 1.1) Stephen Henson, Matt Caswell, Andy Polyakov, Dr. David Brumley, Tim Hudson, Richard Levitte
2018-2021 (3.0 redesign) Pauli (Paul Dale), Richard Levitte, Matt Caswell, Tomas Mraz, Shane Lontis, Patrick Steuer, Bernd Edlinger
2021-2026 (3.0 → 3.6) Pauli, Tomas Mraz, Matt Caswell, Hugo Landau (QUIC), David von Oheimb (CMP), slontis, Neil Horman, Bob Beck, Viktor Dukhovni, Stephen Henson (continuing)

The all-time top-three by commit count are Richard Levitte, Stephen Henson (now retired from active development), and Matt Caswell. Andy Polyakov is the credited author of nearly all the assembly under crypto/<algo>/asm/.

Per-area expertise (informal)

Based on commit history and review patterns over the past ~3 years:

Area Most active reviewers
ssl/quic/ Hugo Landau, Tomáš Kasal, Matt Caswell, Neil Horman
ssl/statem/, ssl/record/, ssl/t1_lib.c Matt Caswell, Bernd Edlinger, Tomas Mraz
ssl/ech/ Stephen Farrell (sftcd), Matt Caswell
crypto/cmp/, crypto/crmf/ Dr. David von Oheimb
crypto/x509/, crypto/asn1/ Tomas Mraz, Pauli, Viktor Dukhovni
providers/fips/, providers/common/securitycheck* Pauli, slontis, Tomas Mraz
providers/implementations/{ml_kem,ml_dsa,slh_dsa,lms}/ Pauli, slontis, Viktor Dukhovni
crypto/evp/, crypto/encode_decode/ Tomas Mraz, Pauli, Richard Levitte
crypto/threads_*.c, crypto/property/ Pauli, Neil Horman
crypto/rand/, providers/implementations/rands/ Pauli, slontis, Tomas Mraz
apps/openssl* Neil Horman, Tomas Mraz, Dr. David von Oheimb
Build / Configurations/ Richard Levitte, Pauli, Neil Horman
Fuzzing Neil Horman, Joshua Rogers
Perlasm Andy Polyakov (legacy), various recent updaters

Communication

  • Mailing lists at https://openssl-library.org/community/mailinglists/openssl-users, openssl-project (governance), openssl-announce (security advisories).
  • GitHub issues / pull requests on openssl/openssl for code work.
  • Security: openssl-security@openssl.org for embargoed reports. Public advisories are at https://openssl-library.org/news/vulnerabilities/.
  • OTC meeting minutes on the openssl-project list and the OTF web site.

Becoming a committer / TC member

Path described in https://openssl-library.org/community/:

  1. Submit good PRs that get merged.
  2. Sign the OpenSSL Contributor License Agreement.
  3. Earn nomination from existing committers.
  4. The OTC votes.

There is no fixed cadence; committer expansion happens when a contributor demonstrates sustained good work.

Acknowledgement

Beyond direct commits, the project depends on a much wider community: package maintainers in every Linux distribution, Apple, Microsoft, FreeBSD; the language ecosystems (Python cryptography, Node.js, Go's crypto/tls cross-validation); and the audit and fuzzing reports filed via Sentry/OSS-Fuzz. The "Acknowledgements" lists in release notes are typically several dozen names long.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Maintainers and contributors – OpenSSL wiki | Factory