openssl/openssl
Maintainers and contributors
OpenSSL is governed by the OpenSSL Foundation (founded 2023, taking over from the OpenSSL Software Foundation Inc. that ran the project from 2014 onward) and developed by the Technical Committee plus a wider set of committers and reviewers. Day-to-day, code review on openssl/openssl happens on GitHub through the OTC (OpenSSL Technical Committee) and the larger committer pool.
Where to look first
- The
openssl/opensslGitHub repo's contributors tab shows recent activity. AUTHORS.mdand the per-area mailmap files inutil/document historical contributors..github/CODEOWNERSis intentionally minimal:
Most areas don't have explicit codeowners — review is handled at the project level./.github/workflows/ @quarckster
Most-active recent committers (last six months, HEAD = 3.6 dev branch)
Drawn from git log --since="6 months ago":
| Author | Commits | Notable focus |
|---|---|---|
| Neil Horman | 123 | Build system, fuzzing, async, stability work |
| Bob Beck | 108 | Memory and threading, ASN.1 fixes, security |
| Eugene Syromiatnikov | 96 | Cleanups, errors, perlasm, demos |
| Matt Caswell | 70 | TLS / DTLS / record layer / state machine |
| Milan Broz | 67 | CI / build / release infrastructure |
| Tomas Mraz | 58 | Providers, FIPS, EVP, certificate stack |
| Dr. David von Oheimb | 58 | CMP / CRMF / X.509 / PKI semantics |
| Norbert Pocs | 52 | Test infrastructure |
| Viktor Dukhovni | 48 | Post-quantum, X.509, name matching |
| slontis (Shane Lontis) | 42 | FIPS, providers, KDFs |
| Simo Sorce | 37 | Providers, store, FIPS |
| Alexandr Nedvedicky | 33 | DTLS / QUIC bug-fixing |
| Igor Ustinov | 31 | (mostly platform fixes) |
| sftcd (Stephen Farrell) | 29 | ECH (Encrypted Client Hello) |
| kovan | 28 | Various |
| Joshua Rogers | 28 | Security and fuzzing |
| Daniel Kubec | 26 | Platform fixes |
| Richard Levitte | 25 | Build system, providers, doc |
| Frederik Wedel-Heinen | 18 | TLS |
| Dmitry Misharov | 17 | CI |
Top areas-of-historical-influence
Looking at all-time git log commit counts:
| Era | Top contributors |
|---|---|
| 1998-2010 (SSLeay → OpenSSL pre-1.0) | Mark J. Cox, Ralf S. Engelschall, Dr. Stephen Henson, Bodo Möller, Lutz Jänicke, Andy Polyakov, Richard Levitte, Geoff Thorpe |
| 2010-2018 (1.0 → 1.1) | Stephen Henson, Matt Caswell, Andy Polyakov, Dr. David Brumley, Tim Hudson, Richard Levitte |
| 2018-2021 (3.0 redesign) | Pauli (Paul Dale), Richard Levitte, Matt Caswell, Tomas Mraz, Shane Lontis, Patrick Steuer, Bernd Edlinger |
| 2021-2026 (3.0 → 3.6) | Pauli, Tomas Mraz, Matt Caswell, Hugo Landau (QUIC), David von Oheimb (CMP), slontis, Neil Horman, Bob Beck, Viktor Dukhovni, Stephen Henson (continuing) |
The all-time top-three by commit count are Richard Levitte, Stephen Henson (now retired from active development), and Matt Caswell. Andy Polyakov is the credited author of nearly all the assembly under crypto/<algo>/asm/.
Per-area expertise (informal)
Based on commit history and review patterns over the past ~3 years:
| Area | Most active reviewers |
|---|---|
ssl/quic/ |
Hugo Landau, Tomáš Kasal, Matt Caswell, Neil Horman |
ssl/statem/, ssl/record/, ssl/t1_lib.c |
Matt Caswell, Bernd Edlinger, Tomas Mraz |
ssl/ech/ |
Stephen Farrell (sftcd), Matt Caswell |
crypto/cmp/, crypto/crmf/ |
Dr. David von Oheimb |
crypto/x509/, crypto/asn1/ |
Tomas Mraz, Pauli, Viktor Dukhovni |
providers/fips/, providers/common/securitycheck* |
Pauli, slontis, Tomas Mraz |
providers/implementations/{ml_kem,ml_dsa,slh_dsa,lms}/ |
Pauli, slontis, Viktor Dukhovni |
crypto/evp/, crypto/encode_decode/ |
Tomas Mraz, Pauli, Richard Levitte |
crypto/threads_*.c, crypto/property/ |
Pauli, Neil Horman |
crypto/rand/, providers/implementations/rands/ |
Pauli, slontis, Tomas Mraz |
apps/openssl* |
Neil Horman, Tomas Mraz, Dr. David von Oheimb |
Build / Configurations/ |
Richard Levitte, Pauli, Neil Horman |
| Fuzzing | Neil Horman, Joshua Rogers |
| Perlasm | Andy Polyakov (legacy), various recent updaters |
Communication
- Mailing lists at
https://openssl-library.org/community/mailinglists/—openssl-users,openssl-project(governance),openssl-announce(security advisories). - GitHub issues / pull requests on
openssl/opensslfor code work. - Security:
openssl-security@openssl.orgfor embargoed reports. Public advisories are athttps://openssl-library.org/news/vulnerabilities/. - OTC meeting minutes on the
openssl-projectlist and the OTF web site.
Becoming a committer / TC member
Path described in https://openssl-library.org/community/:
- Submit good PRs that get merged.
- Sign the OpenSSL Contributor License Agreement.
- Earn nomination from existing committers.
- The OTC votes.
There is no fixed cadence; committer expansion happens when a contributor demonstrates sustained good work.
Acknowledgement
Beyond direct commits, the project depends on a much wider community: package maintainers in every Linux distribution, Apple, Microsoft, FreeBSD; the language ecosystems (Python cryptography, Node.js, Go's crypto/tls cross-validation); and the audit and fuzzing reports filed via Sentry/OSS-Fuzz. The "Acknowledgements" lists in release notes are typically several dozen names long.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.