We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:
- Client-side QUIC support, including support for multiple streams (RFC 9000)
- Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
- Deterministic ECDSA (RFC 6979)
- Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032) in addition to existing support for Ed25519 and Ed448
- AES-GCM-SIV (RFC 8452)
- Argon2 (RFC 9106) and supporting thread pool functionality
- HPKE (RFC 9180)
- The ability to use raw public keys in TLS (RFC 7250)
- TCP Fast Open (RFC 7413) support, where supported by the OS
- Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum and other algorithm providers to use those algorithms with TLS
- Support for Brainpool curves in TLS 1.3
- Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.
A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.
Users interested in using the new QUIC functionality are encouraged to read the README file for QUIC, which provides links to relevant documentation and example code.
The next feature release after OpenSSL 3.2 will be OpenSSL 3.3, which will be released no later than 30 April 2024. This release is expected to include QUIC server support. The determination of what other features will be shipped in OpenSSL 3.3 is ongoing and will be decided by our recently announced Release Steering Committee.
We would like to thank all of our users and communities for their continued use and support of OpenSSL. OpenSSL 3.2.0 represents the product of over two years of development work, comprising over 4,000 commits and contributions from over 300 different authors. This release would not be possible without the innumerable bug reports, pull requests, code reviews and feedback we continue to receive from our community.
We would also like to extend our thanks to all of the organisations who have supported the development of OpenSSL 3.2 financially, whether by holding a support contract with us or by sponsoring OpenSSL. These organisations provide a sustainable income source for the project, and continue to enable us to fund consultants to work full time for the OpenSSL project. Over 60% of commits in the past year were funded by the OpenSSL project itself, thanks to our support customers and sponsors.
As always, bug reports and issues relating to OpenSSL can be filed on our issue tracker, and questions about using OpenSSL 3.2 can be posted on GitHub Discussions.