OpenSSL Light

by Shining Light Productionsv4.0.1

Last updated Jun 11, 2026

Install the most commonly used essentials of OpenSSL - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.

Visit homepage

Install with winget

$ winget install --id ShiningLight.OpenSSL.Light --exact --version 4.0.1

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for OpenSSL Light

OpenSSL Light uses EXE (Inno Setup). The silent install switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

One-line silent install (x64, machine scope)

Win64OpenSSL_Light-4_0_1.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

See the full silent install reference for OpenSSL Light →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v4.0.1

Architecture	Type	Scope	Download
x86	EXE Inno Setup	machine	Direct
x86	MSI WiX	machine	Direct
x64	EXE Inno Setup	machine	Direct
x64	MSI WiX	machine	Direct
arm64	EXE Inno Setup	machine	Direct
arm64	MSI WiX	machine	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

medium5.3Patched in wingetCVE-2026-42769affects before 3.4.6, 3.5.7, 3.6.3Jun 9, 2026
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Aut...
Patch Vendor advisory
medium5.9Patched in wingetCVE-2026-42766affects before 1.0.2zq, 1.1.1zh, 3.0.21, +3 moreJun 9, 2026
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgor...
Patch Vendor advisory
high7.5Patched in wingetCVE-2026-42765affects before 3.6.3Jun 9, 2026
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointe...
Patch Vendor advisory
high7.5Patched in wingetCVE-2026-42764affects before 3.5.7, 3.6.3Jun 9, 2026
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server pr...
Patch Vendor advisory
medium5.0Patched in wingetCVE-2026-35188affects before 3.6.3Jun 9, 2026
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt h...
Patch Vendor advisory
high7.5Patched in wingetCVE-2026-34183affects before 3.4.6, 3.5.7, 3.6.3Jun 9, 2026
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the applic...
Patch Vendor advisory
critical9.1Patched in wingetCVE-2026-34182affects before 3.0.21, 3.4.6, 3.5.7, 3.6.3Jun 9, 2026
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabiliti...
Patch Vendor advisory
high7.4Patched in wingetCVE-2026-34181affects before 3.4.6, 3.5.7, 3.6.3Jun 9, 2026
Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user...
Patch Vendor advisory

Showing 8 of 25. Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

OpenSSLShining Light Productions
ShiningLight.OpenSSL.Devv4.0.1
Install OpenSSL - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.
OpenSSL Light LTSShining Light Productions
ShiningLight.OpenSSL.LTS.Lightv3.5.6
Install the most commonly used essentials of OpenSSL - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.

Frequently asked questions

How do I install OpenSSL Light on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id ShiningLight.OpenSSL.Light --exact --version 4.0.1. winget downloads the installer from Shining Light Productions and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install OpenSSL Light silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id ShiningLight.OpenSSL.Light --exact 4.0.1 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for OpenSSL Light?

OpenSSL Light uses EXE (Inno Setup). Run the downloaded installer with: Win64OpenSSL_Light-4_0_1.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART. The silent switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

How do I uninstall OpenSSL Light via winget?

Run: winget uninstall --id ShiningLight.OpenSSL.Light --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from OpenSSL Light's Apps & Features entry.

Is OpenSSL Light free?

OpenSSL Light is distributed under Freeware. Refer to the publisher (https://slproweb.com/products/Win32OpenSSL.html) for the full license terms - Wingetly itself does not charge for installation.

Does OpenSSL Light work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls OpenSSL Light directly from the publisher.

How do I keep OpenSSL Light up to date?

Run winget upgrade --id ShiningLight.OpenSSL.Light --exact, or winget upgrade --all to update everything winget tracks. We index 7 versions of OpenSSL Light from microsoft/winget-pkgs.

Recent versions

4.0.1latest
4.0.0
3.6.2
3.6.1
3.6.0
3.5.4
3.0.19