This is what worked for me:

brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl

Thanks to @dorlandode on this thread https://github.com/Homebrew/brew/pull/597

NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in @bouke's comment before attempting this.

Answer from rorykoehler on Stack Overflow
🌐
Ruby on Mac
rubyonmac.dev › openssl-1-1-deprecated-how-this-affects-your-ruby-projects
OpenSSL 1.1 is deprecated: how this affects your Ruby projects | Ruby on Mac
4 weeks ago - However, Homebrew will disable OpenSSL 1.1 on October 24, 2024. If you already have it installed, and then Homebrew disables it, I believe you will still be able to use it, but I’m not 100% sure.
Discussions

macos - Homebrew refusing to link OpenSSL - Stack Overflow
The github link posted by @bartonjs shows that brew was updated just a few days ago. Looking at the commit, the change is ` if HOMEBREW_PREFIX.to_s == "/usr/local" && keg.name == "openssl"` so I'm guessing that the 1.0.1 version uses a different HOMEBREW_PREFIX. 2016-07-30T23:03:58.88Z+00:00 ... didn't work for me, still gives error Refusing to link: openssl101 Linking keg-only openssl101 means you may end up linking against the insecure, deprecated ... More on stackoverflow.com
🌐 stackoverflow.com
Update OSX openssl requirement to openssl@3
Description The current openssl requirement for OSX here is openssl@1.1. The end of life date for that version is September, 11 2023. Would it be reasonable to update that requirement to openssl@3? Homebrew has updated a number of its fo... More on github.com
🌐 github.com
25
August 5, 2023
[macOS] OpenSSL 1.1 will be removed and OpenSSL 3 will be the default for all macOS images once [date not determined]
Breaking changes OpenSSL 1.1 will be removed from all macOS images and the default version will be switched to OpenSSL 3. Target date ⚠️ We will notify you of planned changes when exact dates are s... More on github.com
🌐 github.com
21
October 18, 2024
Refusal of homebrew to install openssl@1.1 breaks ruby
brew doctor output Your system is ready to brew. Verification My "brew doctor output" above says Your system is ready to brew. and am still able to reproduce my issue. I ran brew update t... More on github.com
🌐 github.com
7
November 6, 2024
🌐
Reddit
reddit.com › r/macgaming › gptk cannot be installed because of openssl 1.1 dependency
r/macgaming on Reddit: GPTK cannot be installed because of openssl 1.1 dependency
October 25, 2024 -

Running:

brew tap apple/apple http://github.com/apple/homebrew-apple
brew -v install apple/apple/game-porting-toolkit

Results in:

Error: openssl@1.1 has been disabled because it is not supported upstream! It was disabled on 2024-10-24.

Seems like it's been last updated a year ago https://github.com/apple/homebrew-apple

brew deps --tree apple/apple/game-porting-toolkit | grep openssl@1.1

├── openssl@1.1

Tested Game_Porting_Toolkit_2.0_beta_3 - updated Xcode command line tools to version 16 as 15.1 was 'too old'.

pkgutil --pkg-info=com.apple.pkg.CLTools_Executables

package-id: com.apple.pkg.CLTools_Executables
version: 16.1.0.0.1.1729049160

🌐
Ruby on Mac
rubyonmac.dev › openssl-1-1-has-been-disabled
OpenSSL 1.1 has been disabled because it is not supported upstream! | Ruby on Mac
April 4, 2026 - If you don’t think you will ever need Ruby versions less than 3.1, then you shouldn’t be trying to install OpenSSL 1.1. You will need OpenSSL 3, which you can install with brew install openssl@3.
Top answer
1 of 15
75

This is what worked for me:

brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl

Thanks to @dorlandode on this thread https://github.com/Homebrew/brew/pull/597

NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in @bouke's comment before attempting this.

2 of 15
64

As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.

The most relevant part of the issue copied here:

I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib

and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib

In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.

Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).

Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:

13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x  1 ben  admin  26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1

If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.

Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).

🌐
GitHub
github.com › rvm › rvm › issues › 5380
Update OSX openssl requirement to openssl@3 · Issue #5380 · rvm/rvm
August 5, 2023 - The current openssl requirement for OSX here is openssl@1.1. The end of life date for that version is September, 11 2023. Would it be reasonable to update that requirement to openssl@3? Homebrew has updated a number of its formulae recently ...
Author   rvm
🌐
GitHub
github.com › actions › runner-images › issues › 10817
[macOS] OpenSSL 1.1 will be removed and OpenSSL 3 will be the default for all macOS images once [date not determined] · Issue #10817 · actions/runner-images
October 18, 2024 - OpenSSL 1.1 has reached its end-of-life (EOL) and is no longer supported. Due to its deprecation, Homebrew has removed it from its available packages.
Author   actions
🌐
Manuel
manuel.is › posts › os-x-ruby-openssl-homebrew-and-rvm-as-special-guest
OS X, Ruby, OpenSSL, Homebrew and RVM as special guest
January 13, 2020 - Recently, Homebrew removed OpenSSL 1.0 from their offering, somewhere along this deprecation process, Homebrew set OpenSSL to be openssl@1.1 by default, that is, set an alias for whenever a user does brew install openssl to install the heir to the throne under /usr/local/opt/openssl@1.1, instead ...
Find elsewhere
Top answer
1 of 1
2

MacOS includes an older version of openssl, that's what's by default in the path, and that's the one you'll see (try which openssl to see which one gets picked up on your computer).

Homebrew installs [email protected] into /opt, which means you need to explicitly call it from there, and if you want to link other programs you compile to it, you need to set library paths etc.

Same for libressl.

I just want to use the latest openssl (or libressl).

The binary, I assume? One way to do that is to add your own $HOME/bin directory in front of your PATH (something I recommend anyway) in your shell, and make a shell script openssl in there that calls the version you want to use. When you do it that way, you won't mess up anything else.

may that imply that some other software depending on that specific version will no longer work?

Exactly. That's why you shouldn't replace the one that comes with MacOS, for example.

Can I instruct software depending older openssl versions to use a specific path for that older version,

If you do it the other way round (have a different PATH in your terminal), then anything you call from outside the terminal isn't going to break, for starters.


To answer questions in the comment:

  1. I have a ~/.profile with

    export PATH=$HOME/bin:$PATH
    

    in it.

  2. See this answer. That is: Create a file ~/bin/openssl with

    #!/bin/bash
    exec /usr/local/opt/libressl/bin/openssl "$@"
    

in it. Don't forget to chmod a+x ~/bin/openssl.

Environment will get passed, redirections will apply. Wildcards will be resolved on first call, but passed on in resolved form.

🌐
GitHub
github.com › shivammathur › homebrew-openssl-deprecated
GitHub - shivammathur/homebrew-openssl-deprecated: Formula for openssl@1.0
January 2, 2022 - Homebrew tap for openssl@1.0 · brew tap shivammathur/openssl-deprecated brew install openssl@1.0 ·
Forked by 3 users
Languages   Ruby 100.0% | Ruby 100.0%
🌐
Niamurrell
niamurrell.com › code › 2020-08-12-homebrew-and-openssl
Homebrew and openssl - NiaMurrell.com
August 12, 2020 - As a follow up to my previous post dealing with different openssl versions, I’ve now learned that Homebrew deletes deprecated packages and the solution I found last time may not end up working. If that happens again, here is how to install the 1.0 version:
🌐
GitHub
github.com › Homebrew › brew › issues › 18719
Refusal of homebrew to install openssl@1.1 breaks ruby · Issue #18719 · Homebrew/brew
November 6, 2024 - Checking requirements for osx. Installing requirements for osx. Updating system.......... Installing required packages: openssl@1.1.There were package installation errors, make sure to read the log. Try brew tap --repair and make sure brew doctor looks reasonable.
Author   Homebrew
🌐
GitHub
github.com › Homebrew › homebrew-core › issues › 5126
OpenSSL@1.1 repeatedly tries to upgrade, even though nothing has changed · Issue #5126 · Homebrew/homebrew-core
September 22, 2016 - To add additional certificates, ... which means it was not symlinked into /usr/local. Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries Generally there are no consequences of this for ...
Author   Homebrew
🌐
Medium
katopz.medium.com › how-to-upgrade-openssl-8d005554401
How to upgrade OpenSSL (macOS). Problem : OpenSSL Security Advisory… | by katopz | Medium
January 20, 2017 - $ brew link --force openssl · OpenSSL 1.0.2j, Homebrew 1.1.2, Mac 10.11.6 · You’ll see… · Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew’s openssl.
🌐
GitHub
gist.github.com › zulhfreelancer › 4a609f65dfc396e395e5d5713fb3dd0f
How to switch OpenSSL version on Mac using Homebrew? · GitHub
$ ls -al /usr/local/Cellar/openssl* /usr/local/Cellar/openssl: total 0 drwxr-xr-x 13 zulhilmi staff 442 Apr 21 04:31 1.0.2t /usr/local/Cellar/openssl@1.1: total 0 drwxr-xr-x 13 zulhilmi staff 442 Apr 21 04:01 1.1.1f drwxr-xr-x 13 zulhilmi staff 442 Apr 24 15:41 1.1.1g ... This worked for me. I unlinked the current version using $brew unlink openssl@1.0 Then i linked the version i need to use using $brew link openssl@1.1 Finally i checked the openssl version and i got OpenSSL 1.1.1w 11 Sep 2023
🌐
Server Fault
serverfault.com › questions › 1176925 › how-to-properly-upgrading-openssl-with-homebrew
How to properly upgrading openssl with Homebrew? - Server Fault
March 23, 2025 - I just resolved a dependency issue in some software installed via Homebrew so the outdated openssl 1.1 can finally be removed. I did that with brew uninstall openssl@1.1 and it warned brew uninstall
🌐
Fossil
fossil-scm.org › forum › forumpost › 9496e81a51
Fossil User Forum: Missing Homebrew OpenSSL path check on M1 Macs
BTW, on my old Intel Mac, /usr/local/opt/openssl is a symlink pointing to /usr/local/Cellar/openssl@1.1/1.1.1h. Hope that helps. Having received my M1, I'm posting to confirm this diagnosis and to point out that it's an ongoing thing, not a one-time shift. I don't know who decided this was a good idea, but as long as Homebrew remains so popular, it's something we'll have to accommodate on the Fossil side of things. Really? Because on my Big Sur system in which I just ran "brew upgrade openssl" to get OpenSSL 1.1.1i, it still puts the libraries in /usr/local/opt/openssl.
🌐
GitHub
gist.github.com › darrenboyd › 58647ca3c31bd0ed4105
A quick guide to downgrading OpenSSL with Homebrew · GitHub
brew install rbenv/tap/openssl@1.0 rvm reinstall 1.9.3-p551 --with-openssl-dir='/usr/local/opt/openssl@1.0' gem update --system