Bro fails to build on OS X 10.11 (El Capitan) due to OpenSSL header removal


It looks like Apple removed the OpenSSL headers with El Capitan[1] (OS X
10.11), and now Bro fails to build on OS X. Apple's recommendation is
that we either include a copy of OpenSSL ourselves or we use their
Secure Transport API.

[1] - <>




Adam Slagell
April 11, 2016, 2:26 PM

The installation instructions are in the Bro Manual though, and hence an update will only affect the development version and not the version people are likely to visit if they are using 2.4.x, right?

Is there a way we can update the release version of the bro manual without making a new release? Or should we put a note somewhere else about the 2.4.x + Mac OS 10.11 + Homebrew problem?

Matthias Vallentin
April 11, 2016, 3:13 PM

Right, ideally we avoid a new release, because it's not really a Bro bug.

In my opinion, it suffices to update the 2.4.1 manual and mention how to use `--with-openssl` with Homebrew and El Capitan. Jon & Vlad have already fixed the issue for the next release.

Johanna Amann
April 20, 2016, 7:08 PM

- one more small question:

in your branch, you use the ports,brew,find binaries to find the path. Would it make sense to still, in addition, hardcode /opt/local, /usr/local and /sw just in case there are more people like me who, e.g., do not have the commands in their default search path?

If that is ok, I will just do that during merging. At least at the moment I am hard pressed to come up with a disadvantage to this.

Vlad Grigorescu
April 20, 2016, 9:53 PM

- Sure, that's a good idea. Is it reasonable to add those to the end of the search paths, in that case, though? I'm worried about the case where, for example, I have an old OpenSSL floating around and that will get picked up first. (I haven't checked to see exactly in what order it would get added).

Johanna Amann
April 21, 2016, 3:22 PM

Yup, that actually was my plan . Thanks.


Johanna Amann


Vlad Grigorescu



External issue ID



Fix versions

Affects versions