Skip to content

OpenSSL Tracer installation🔗

The SandboxAQ OpenSSL Tracer is a dynamic library that logs cryptographic calls made by an application linked to OpenSSL. The logged information is formatted for analysis by AQtive Guard.


  • Linux 64-bit
  • The libunwind library to retrieve stack traces.


To obtain complete stack traces for calls to the OpenSSL library, the application to be traced should be built using debug symbols. You can still trace an application without debug symbols, but you will only see the calls to the libraries without the detailed stack traces.

Note that building the OpenSSL libraries themselves in debug mode (making them debuggable) isn’t required or recommended for this purpose. Only the application that uses OpenSSL needs to be compiled with debug symbols for effective tracing.

The OpenSSL Tracer comes in different versions - one for each supported version of OpenSSL. OpenSSL versions 0.9.8, 1.0.x and 1.1.x are supported. Therefore, you need to know which version of the OpenSSL libraries your application uses. The OpenSSL Tracer reference has steps on finding this information.


If you’ve purchased the appropriate license, a download link to the tracer should have been sent to you.

Visit our support portal if you have questions or need help.


The OpenSSL Tracer is distributed as a zip package named cs-openssl-tracer-<VERSION>.zip. When you extract this package, it creates several directories that contain the tracers for different versions of OpenSSL:

├── cs-tracer-openssl-0.9.8
│   ├──
│   └──
├── cs-tracer-openssl-1.0
│   ├──
│   └──
├── cs-tracer-openssl-1.0-rhel7
│   ├──
│   └──
├── cs-tracer-openssl-1.1
│   ├──
│   └──


You can move these files anywhere on your system. They don’t have to remain in the cs-openssl-tracer-pack-<VERSION> directory.