Hello Jane,
Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.
To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.
There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.
I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!
Domic Vo.
Answer from Domic Vo on learn.microsoft.comHello Jane,
Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.
To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.
There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.
I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!
Domic Vo.
To ensure that your applications are using the new version of OpenSSL after updating, you can follow these steps:
- Check OpenSSL Version: You can verify the installed version of OpenSSL by running the following command in your command line:
This command will display the version of OpenSSL currently in use.openssl version - Verify Application Dependencies: For applications that depend on OpenSSL, you may need to check their documentation or use specific commands to see which version of OpenSSL they are linked against. This can vary by application, but many applications will have a command-line option to display version information.
- Check for Multiple Versions: If you suspect that multiple versions of OpenSSL are installed, you can check the paths of the OpenSSL binaries in your system. Use the following command to find all instances of OpenSSL:
This will show you the locations of the OpenSSL executables, and you can verify if the correct version is being used.where openssl - Update Environment Variables: Ensure that your system's PATH environment variable points to the directory of the new OpenSSL installation. This can help ensure that applications use the correct version.
- Testing Applications: After updating, test your applications to ensure they function correctly. If they fail or report issues related to OpenSSL, they may still be referencing an older version.
By following these steps, you can confirm that your applications are using the updated version of OpenSSL and mitigate any vulnerabilities associated with older versions.
I also wanted to use OpenSSL on Windows 10. An easy way to do it without running into the risk of installing unknown software from 3rd party websites and risking viruses, is by using the openssl.exe that comes inside your Git for Windows installation. In my case, I found the OpenSSL executable in the following location of the Git for Windows installation.
C:\Program Files\Git\usr\bin\openssl.exe
If you also want instructions on how to use OpenSSL to generate and use certificates, here is a write-up on my blog. The step by step instructions first explain how to use Microsoft Windows Default Tool and also OpenSSL and explains the difference between them.
If you have chocolatey installed you can install openssl via a single command i.e.
choco install openssl
How do I update OpenSSL on Windows 10 from 1.1.1h to 1.1.1o - Stack Overflow
How to update openssl?
How to install OpenSSL from source on Windows 10/11? - Stack Overflow
How do I install OpenSSL on my work laptop? (Windows)
How is AutoInstall SSL™ different from Let’s Encrypt or Certbot?
What is AutoInstall SSL™?
Are wildcard certificates supported?
Videos
I finally made it, I installed OpenSSL 3.2.0-dev on Windows 11.
These are the detailed steps so that anyone in the future can do it:
I ended up using the first method, with C++, as seen here: https://github.com/openssl/openssl/blob/master/NOTES-WINDOWS.md#quick-start
Here are the instructions, I tried to make them as detailed as possible, let me know if it needs changes or fixes:
First steps: Installing the necessary software:
Step 1: Install Perl - Install the Strawberry version, much easier to install and it installs everything and also adds them automatically to the Windows PATH variables
Step 2: Install NASM, and add it to the Windows system (or your user's) PATH variables. I ended up adding it only to my user's variables PATH: C:\Users\<username>\AppData\Local\bin\NASM
Step 3: Install Visual Studio (I have Visual Studio Community 2022), and install the Desktop development with c++. I ended up choosing the following packages(I'm sure not all are necessary, but if you know, please let me know which ones are the ones I need so that I'll update the photo to avoid installing too many packages):

Step 4: Download and install the Build Tools for Visual Studio (I assume in the future this link will change so look for the Build Tools installation link for your Visual Studio version): https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022
Step 5: After installing the build tools, launch the Visual Studio installer. In the installer, you will now see the Build Tools. Click on "Modify" under the Visual Studio Build Tools:

And then install the needed packages for the OpenSSL installation, it's what's going to install nmake:

Then, the build and installation steps:
Step 6: Clone the openssl repository to some folder on your PC (I cloned it in C:/ so I ended up having C:/openssl/), and fix the line endings by running the following commands:
> git clone git://git.openssl.org/openssl.git
> cd openssl
> git config core.autocrlf false
> git config core.eol lf
> git checkout .
Update: If you want another version, clone the repository without checking out, fix the line-endings and then checkout to the version you want. For example if you want 3.1.0 stable (Note the -n flag for no-checkout):
> git clone -n git://git.openssl.org/openssl.git
> cd openssl
> git config core.autocrlf false
> git config core.eol lf
> git checkout openssl-3.1.0
Step 7: In Windows Search, search for "Developer Command Prompt for VS 2022" (Or any of your versions), and run it as administrator:

Which will open this command window:

Step 8: You need to set the right environment for the version of OpenSSL you want to install, otherwise build will fail. In my case, I wanted to install OpenSSL for 64-bit systems, copy-paste the following (including the quotes, and change the path according to your Visual Studio installation path):
"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
which will then set the environment, as seen here:

Step 9: From the same Developer Command Prompt, cd into the folder you cloned the openssl source code, in my case it was C:/openssl, and then follow the steps from the OpenSSL guide:
> perl Configure VC-WIN64A
> nmake
> nmake test
> nmake install
Note that these steps take time, it took me around 20-30 minutes to finish all these 4 commands
Step 10: That's it! It's installed! You can find the OpenSSL executable (openssl.exe) at C:\openssl\apps. (And add it to Windows system or user's PATH variables if you want)
In my case when I run openssl version I see OpenSSL 3.2.0-dev (Library: OpenSSL 3.2.0-dev )
If you have Git installed in your local, open git bash, and use the command openssl. It should work