Using OpenSSL Alongside the Default LibreSSL on MacOS

Introduction

As a macOS user working on projects requiring cryptographic operations, I have encountered a common source of confusion: the presence of LibreSSL instead of OpenSSL by default on our system. In such cases, if we run the command: openssl version, it will give us the Libressl version instead.

However, in certain cases, we may need to use the actual OpenSSL instead. In this post, we'll demystify this topic and show you how to use the actual OpenSSL when needed on Mac without disturbing the default one.

What's the Deal with OpenSSL and LibreSSL on macOS?

First things first: OpenSSL is a widely used cryptographic library, providing tools for secure communication over the internet. LibreSSL is a fork of OpenSSL, created to modernise the codebase, improve security, and simplify the library.

The macOS, in its quest for security and reliability, ships with LibreSSL as the default openssl command. While this is generally a good thing, it can lead to confusion for users who specifically need OpenSSL for their work.

Why Does This Matter?

The key issue here is compatibility. Although LibreSSL strives to be broadly compatible with OpenSSL, there are differences. These differences could affect how your cryptographic operations behave or, in some cases, prevent certain operations entirely if they rely on features unique to OpenSSL.

How to Use OpenSSL on macOS

Thankfully, there's an easy solution: Homebrew, the package manager for macOS. Homebrew allows us to install OpenSSL on our system alongside the default LibreSSL, giving us access to the specific features and updates of OpenSSL without interfering with your system's stability.

Step 1: Install Homebrew

If you haven't already, installing Homebrew is straightforward. Just open your terminal and run a simple command from the Homebrew website at https://brew.sh/. The command is as follows: 

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" 

Step 2: Install OpenSSL via Homebrew

With Homebrew installed, we can now install OpenSSL using the following command: 

brew install openssl

Step 3: Finding the location of OpenSSL installed by brew

Even if we installed openssl, if we run the command: openssl version, it will still give the Libressl version. We can find where openssl is installed by bre using the following command:

brew --prefix openssl

This should give us a response similar to the one below:

Step 4: Using the OpenSSL installed by brew

After installation, the crucial step is to make sure that when we run openssl, we're actually using the version installed by Homebrew, not the system's LibreSSL. Here's how we can directly invoke:

$ /opt/homebrew/opt/openssl@3/bin/openssl version

This should give us a response similar to the one below:

Special note: The path might vary, so you can run brew --prefix openssl as we did in step 3 to find the exact installation path.

Alternatively, we may also adjust our PATH environment variable to prioritize the Homebrew version over the default one.

Why It's Worth the Effort

Using the correct version of OpenSSL ensures that our projects are secure, compatible, and behave as expected. It also allows us to take advantage of the latest features and updates available in OpenSSL, which might not yet be present in LibreSSL.

Conclusion

While macOS's default use of LibreSSL is well-intentioned, it can create hurdles for users who need OpenSSL's specific capabilities. By installing OpenSSL through Homebrew and ensuring our system uses this version, we can work around these limitations and take full control of our cryptographic needs. Remember, understanding our tools is the first step towards secure and efficient development.