OpenSSL Blog

OpenSSL 3.0 Alpha4 Release


The OpenSSL Management Committee and the OpenSSL Technical Committee are glad to announce the fourth alpha release of OpenSSL 3.0.

As any alpha release, the code is still experimental and many things can still change before the feature freeze planned for the beta release. In the following weeks more alpha releases will be issued to add more functionality, polish and improve the code and fix issues.

We have been talking about the development of the next major release of OpenSSL for a while, and you can read more about it in previous blog posts and read more about the planned changes in our design document.

This release comes after three more weeks since the last alpha pre-release, and saw a number of changes: 193 commits from 76 PRs, 535 files changed, with 107313 insertions and 11467 deletions.

Among these changes, we can mention, in no particular order:

  • general improvements to the built-in providers, the providers API and the internal plumbing and the provider-aware mechanisms for libssl;
  • general improvements and fixes in the CLI apps;
  • support for Automated Cryptographic Validation Protocol (ACVP) tests;
  • fully pluggable TLS key exchange capability from providers;
  • finalization of the Certificate Management Protocol (CMP) contribution, adding an impressive amount of tests for the new features;
  • default to the newer SP800-56B compliant algorithm for RSA keygen;
  • provider-rand: PRNG functionality backed by providers;
  • refactored naming scheme for dispatched functions (#12222);
  • fixes for various issues;
  • extended and improved test coverage;
  • additions and improvements to the documentations.

This latest development cycle has seen an increasing amount of efforts in polishing and fixes, thanks to the feedback and help from the community that is assisting during the alpha development stage and the addition of higher level functionality that is tying in together different components of the new provider infrastructure. We wish once more to reiterate our thanks for all the feedback and the contributions from the users and developers that are testing the pre-release versions of OpenSSL, which are vital to the development process of the next release.

For more details on upgrading to OpenSSL 3.0 from previous versions, as well as known issues and the status of current development, we collected specific notes on the OpenSSL wiki. We strongly encourage consulting (and contributing to) this wiki entry also to discover the most important changes in the upcoming OpenSSL 3.0 and how they might affect you and the code you maintain.

We are always keen to see oldtimers and newcomers alike proposing issues, fixes and contributions, not only in the form of code, but also for manpages and wiki documentation. At this point, it is particularly important to also make sure that the documentation for the new architecture, for the new features, and for the new deprecations and their replacements, is available, complete, up-to-date and sufficiently clear for external users. We prioritize GitHub issues and pull requests as the favourite channel for contributing to the OpenSSL 3.0 project, but any form of interaction, including on the openssl-users mailing list, is always welcome.

The feedback from the community, and your involvement in testing external applications and ENGINEs against the next version of OpenSSL and improving the documentation is crucial to the continued quality of the OpenSSL Project.