About OSF
 What We Do
 Who We Are
 Contact Info

 FIPS 140-2
 Data Archives

OpenSSL Software Services

OpenSSL Software Services

OpenSSL Software Services (OSS) is formally a U.S. company incorporated in Delaware in 2014, but is functionally an international entity with principals located in three continents and across 15 time zones. OSS also collaborates with other open source based organizations to provide some commercial services on a joint basis.

OSS provides services to the U.S. and foreign commercial sector, the U.S. federal government, and the U.S. Department of Defense through three basic contract vehicles:
  • Hourly rate on-demand consulting services; direct support from OpenSSL team members on any issues of interest to the client, as little or as much as needed. Rates start at US$250/hour. This option is popular with customers just needing short-term assistance with a specific problem or who don't know what kind or amount of assistance might be needed, but it is less cost effective for substantial amounts of work. Since we're a small organization rapid response isn't guaranteed, but the odds are good that we will respond to any specific request within a couple of days.

  • Fixed rate work-for-hire, where specific deliverables can be precisely identified. This is cost-effective for more substantial software development tasks (for instance, implementation of TLS 1.2, or obtaining FIPS 140-2 validations).

  • Annual software support contracts. One fixed annual fee (US$20,000 and up) for direct support with any problems with existing supported OpenSSL releases. These contracts are designed for the larger enterprise with a long term stake in OpenSSL. Since we're a small organization we limit these contracts to a select group of preferred clients. Our support contract customers receive close support (we rely on and cherish repeat business).
Note OSS does not provide free consulting support. Some free support is available from the OpenSSL project and the user community through the OpenSSL mailing lists.

OpenSSL Validation Services

OpenSSL Validation Services (OVS)1 is formally a U.S. company incorporated in Maryland in 2009 which currently focused on commercial and quasi-commercial activites specific to FIPS 140-2 validations and the OpenSSL FIPS Object Module.


Past and present projects include:
  • Implementation of full TLS 1.2 support in OpenSSL

  • Implementation of processor specific performance optimizations.

  • Multiple FIPS 140-2 validations including:

    • The OpenSSL FIPS Object Module 2.0 validation, an open source based module that can be used without charge by industry and government.
    • "Change letter" modifications of existing validated modules, usually to support new platforms not included in the original validation.
    • Multiple "private label" validations.

  • Implementation of specific cryptographic algorithms.


Note many of our customers elect to engage us on a non-disclosure basis and we strictly respect any confidentiality agreements. OpenSSL Software Foundation customers include:
18 The corporation is still formally named OpenSSL Software Foundation, Inc., dba (Doing Business As) OpenSSL Validation Services. A formal name change is planned for the near future.

This site Copyright © 2009-2016 OSF.