From Wikipedia, the free encyclopedia
Original author(s)Eric Andrew Young, Tim J. Hudson
Initial release1995?
TypeSecure Sockets Layer 3.0 implementation
LicenseSSLeay License

SSLeay is an open-source SSL implementation. It was developed by Eric Andrew Young[1] and Tim J. Hudson as an SSL 3.0 implementation using RC2 and RC4 encryption.[2] The recommended pronunciation is to say each letter s-s-l-e-a-y and was first developed by Eric A. Young ("eay").[3] SSLeay also included an implementation of the DES from earlier work by Eric Young which was believed to be the first open-source implementation of DES. Development of SSLeay unofficially mostly ended, and volunteers forked the project under the OpenSSL banner around December 1998, when Tim and Eric both commenced working for RSA Security in Australia.


SSLeay was developed by Eric A. Young, starting in 1995. Windows support was added by Tim J. Hudson. Patches to open source applications to support SSL using SSLeay were produced by Tim Hudson. Development by Young and Hudson ceased in 1998. The SSLeay library and codebase is licensed under its own SSLeay License, a form of free software license.[2][3][4] The SSLeay License is a BSD-style open-source license, almost identical to a four-clause BSD license.[5]

SSLeay supports X.509v3 certificates and PKCS#10 certificate requests.[6] It supports SSL2 and SSL3.[7] Also supported is TLSv1.[8]

The first secure FTP implementation was created under BSD using SSLeay by Tim Hudson.[1]

The first open source Certifying Authority implementation was created with CGI scripts using SSLeay by Clifford Heath.


OpenSSL is a fork and successor project to SSLeay and has a similar interface to it.[3][9] After Young and Hudson joined RSA Corporation, volunteers forked SSLeay and continued development as OpenSSL.[2]

BSAFE SSL-C is a fork of SSLeay developed by Eric A. Young and Tim J. Hudson for RSA Corporation. It was released as part of BSAFE SSL-C.[2][10]


  1. ^ a b David Ross (1999). "An Implementation of Secure FTP". Proceedings of Open Source AUUG '99. p. 96.
  2. ^ a b c d Simson Garfinkel, Gene Spafford (2002). Web Security, Privacy & Commerce. O'Reilly. p. 114. ISBN 0596000456.
  3. ^ a b c David Gourley, Brian Totty (2002). HTTP: The Definitive Guide. O'Reilly. p. 329. ISBN 1565925092.
  4. ^ Eric A. Young (1998). SSLeay License.
  5. ^ OpenSSL Project (1999). LICENSE. {{cite book}}: |work= ignored (help)
  6. ^ Sokratis Katsikas (1997). Communications and Multimedia Security. Springer. p. 54. ISBN 0412817705.
  7. ^ Mohammed J. Kabir (1999). Apache Server: Administrator's Handbook. IDG. p. 402. ISBN 0764533061.
  8. ^ Man Young Rhee (2003). Internet Security: Cryptographic Principles, Algorithms and Protocols. Wiley. p. 277. ISBN 0470852852.
  9. ^ Bryan Hong (2006). Building an Internet Server With Freebsd 6. Unorthodocs. p. 105. ISBN 9781411695740.
  10. ^ RSA Data Security (1999). "RSA Introduces BSAFE SSL-C for Worldwide Markets". PR Newswire.

External links[edit]

See also[edit]