OpenSSL Blog

OpenSSL Working Group Update

,

As many of you are aware we have undergone a lot of internal organisation changes within the OpenSSL Project in the last couple of years, one of the key changes being the introduction of the OpenSSL Working Group.

In the February 2023 face-to-face meeting we decided to create the OpenSSL Working Group in an effort to be more efficient at addressing and executing on decisions made.

The WG was formed as an initiative to include more people into the OpenSSL decision making process and organize a place where OMC members, engineering, management, paid team members, and invited third parties all meet together and tackle urgent issues together and in a timely manner.

As a result we have been able to for the first time ever in the history of OpenSSL come close to hitting a committed release date, we had initially aimed for an October release and we got it out in early November. Now as we have moved on to a time-based release schedule, the Working Group has been keeping us on track to have our April release date.

Other things the Working Group has guided the project on include:

  • Providers Workshop
  • Creation of regular webinars and a YouTube channel
  • Improved Documentation - OpenSSL Onboarding Documents, OpenSSL Flyers, OpenSSL Banners etc
  • Regular updates on the internal workings of the project via project board, blogs, and email
  • Hosted a stand at FOSDEM
  • Celebrating our 25 year anniversary with our contributors and community members
  • And much more!

To get a more in-depth look into what the Working Group is working on every week please take a look at our public project board where we track almost every issue publicly, minus a couple items that require privacy. The working group has proven instrumental in increasing trust and confidence in the project by making sure decisions are made in a timely manner so that the OpenSSL Project can gain a reputation of being a reliable and sustainable open source project.

If you have any questions or concerns please contact us at feedback@openssl.org

NetApp and OpenSSL: Teaming Up for More Secure Internet

,

Exciting news in the world of online security! NetApp, an intelligent data infrastructure company, is now a Gold Sponsor of OpenSSL, showing their strong support for making the internet a safer place for everyone.

NetApp’s sponsorship brings valuable resources to OpenSSL, enabling the project to accelerate development, conduct thorough security audits, and ensure ongoing maintenance and support. In return, NetApp gains access to cutting-edge cryptographic technologies, contributing to the enhancement of its own security solutions and reinforcing its position as a leader in data management.

This teamwork shows how powerful it can be when companies invest in the tools that keep our online world secure. As NetApp and OpenSSL work together, they’re not just making their own projects better – they’re inspiring others to join in and make the whole online community stronger.

Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments.

Upcoming Getting Started With OpenSSL Webinar

,

In the fast-paced world of cybersecurity, the ability to secure digital assets is paramount. We’re excited to announce our upcoming webinar, “Getting Started with OpenSSL,” which is designed to provide attendee’s with a solid foundation in using OpenSSL to enhance the security of their applications and systems. Join us for this webinar and learn all about OpenSSL’s purpose, features, and components.

Why Attend? Empower Yourself: Gain practical skills to implement OpenSSL in your projects. Community Engagement: Connect with a community of security-conscious individuals.

Save the Date: 📅 Date: Feb 06, 2024 🕒 Time: 08:00 AM Pacific Time (US and Canada 📍 Location: https://zoom.us/webinar/register/WN_GWqOVe4FRZC-IctgLzmpBQ

Secure your spot now and embark on a journey to unlock the secrets of OpenSSL. Don’t miss this opportunity to enhance your cybersecurity knowledge. Register today and stay one step ahead in safeguarding your digital assets!

OpenSSL's Official Youtube Channel

,

We are thrilled to announce a major leap forward in our efforts to connect with the community and share valuable insights—OpenSSL now has its own YouTube channel! As a significant milestone in our commitment to transparency, education, and open-source collaboration, this channel will serve as a hub for engaging content, tutorials, and updates straight from the heart of OpenSSL.

What to Expect:

Tutorial Series: Get ready for in-depth tutorials covering a wide range of topics, from OpenSSL basics to advanced usage scenarios. Whether you’re a seasoned developer or just starting, our tutorials will cater to all skill levels.

Security Insights: Stay informed about the latest in cybersecurity with our security-focused videos. Explore best practices, industry trends, and the evolving landscape of digital security.

Subscribe Now: Be among the first to experience the excitement by subscribing to our YouTube channel: @OpenSSL_.

Launch Video: To kick things off, we’ve uploaded all the presentations from our most recent Provider Workshops Users and Authors Track. Watch them here and let us know your thoughts in the comments!

Get Involved: We want this channel to be a collaborative space where the community actively participates. Share your thoughts, suggestions, and ideas for future videos in the comments section or reach out to us at feedback@openssl.org.

Stay Connected: Follow us on Twitter and LinkedIn for real-time updates and announcements related to the YouTube channel.

We are incredibly excited about this new venture and can’t wait to embark on this journey of knowledge sharing and community engagement with all of you. Thank you for your continued support!

Happy watching!

OpenSSL 25 Year Anniversary T-Shirt Giveaway

,

We are thrilled to announce a special celebration in honor of OpenSSL’s 25th anniversary! Two and a half decades of commitment to security, reliability, and open-source collaboration have made OpenSSL an indispensable tool in the world of digital communication.

To express our gratitude to the incredible community that has supported us throughout the years, we are hosting an exclusive T-Shirt Giveaway! The first 75 people to participate will receive a limited edition OpenSSL 25th-anniversary T-shirt as a token of our appreciation.

How to Participate:

Fill out the entry form with your full name, phone, email, address, and shirt size so we can verify your participation and send you your t-shirt.

Giveaway Details:

Prize: Limited edition OpenSSL 25th-anniversary T-shirt. Quantity: The first 75 participants who complete all the steps. Deadline: Submissions open December 20, 2023 and close January 30, 2024 or when we hit 75 participants.

Winners Announcement:

We will notify the recipient via email. Make sure to keep an eye on your inbox and follow us for updates!

Thank you for being a vital part of the OpenSSL journey. Your continued support has made OpenSSL what it is today, and we are excited to celebrate this milestone with you.

Here’s to 25 years of open-source excellence and many more to come!

Contact us at feedback@openssl.org if you have any questions or comments

OpenSSL Providers Workshop: Authors Track

,

Part two of the OpenSSL Providers Workshop is next week! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part two of the workshop: Live OpenSSL Providers Workshop: Authors Track. As with the Users Track, we will be hosting two sessions of the Authors Track at different times to allow people from different time zones to be able to join our workshops live.

The Authors Track will cover how to write your own OpenSSL provider. This session will assume some basic knowledge about what OpenSSL providers are and how to use them (such as might be obtained from attending the “Users Track” session). It will be split into 4 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.

Learn more and register in advance for the workshop here (please choose the time zone that works best for you):

Session 1: Americas and EMEA Time Zone

When: Dec 11, 2023 04:00 PM Universal Time UTC Register in advance for this webinar: https://zoom.us/webinar/register/WN_2UqTPnrxQjyUJOzUxOj77w

Session 2: APAC Time Zone

When: Dec 12, 2023 07:00 AM Universal Time UTC Register in advance for this webinar: https://zoom.us/webinar/register/WN_LNFArIEmQmqbmiLdSuOdOA

After registering, you will receive a confirmation email containing information about joining the webinar.

Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments

OpenSSL Providers Workshop: Users Track

,

The long anticipated OpenSSL Providers Workshop is finally here! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part one of the workshop: Live OpenSSL Providers Workshop: Users Track. Due to world wide interest, we will be hosting two sessions of the Users Track at different times to allow people from different time zones to be able to join our workshops live.

The Users Track will cover how to use OpenSSL providers. It will be split into 3 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.

Learn more and register in advance for the workshop here(please choose the time zone that works best for you):

APAC Time Zone:

When: Dec 6, 2023 07:00 AM Universal Time UTC Register in advance: https://zoom.us/webinar/register/WN_8ZPx5nkpTEG1fYLWH-StbQ

Americas and EMEA Time Zone:

When: Dec 7, 2023 04:00 PM Universal Time UTC Register in advance: https://zoom.us/webinar/register/WN_jta40RLSTTei9OF8CINjCA

After registering, you will receive a confirmation email containing information about joining the webinar.

Stay tuned for news about part two of the OpenSSL Providers Workshop: Authors Track.

Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments

OpenSSL Announces Final Release of OpenSSL 3.2.0

,

We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:

  • Client-side QUIC support, including support for multiple streams (RFC 9000)
  • Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
  • Deterministic ECDSA (RFC 6979)
  • Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032) in addition to existing support for Ed25519 and Ed448
  • AES-GCM-SIV (RFC 8452)
  • Argon2 (RFC 9106) and supporting thread pool functionality
  • HPKE (RFC 9180)
  • The ability to use raw public keys in TLS (RFC 7250)
  • TCP Fast Open (RFC 7413) support, where supported by the OS
  • Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum and other algorithm providers to use those algorithms with TLS
  • Support for Brainpool curves in TLS 1.3
  • SM4-XTS
  • Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.