OpenSSL Blog

OpenSSL 3.3 Beta Release Live

Posted by Kajal Sapkota ,

The beta release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is a beta release, we consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback. It represents the second step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.

The code for OpenSSL 3.3 is now functionally complete and we expect the final release to occur on schedule. We would also like to thank all those who contributed to the OpenSSL 3.3 release, without which as ever OpenSSL would not be possible.

OpenSSL 3.3 will feature the following new features:

  • QUIC qlog diagnostic logging support
  • Support for the non-blocking polling of multiple QUIC connections or stream objects
  • Support for optimised generation of end-of-stream frames for QUIC connections
  • Support for disabling QUIC event processing when making API calls
  • Support for configuring QUIC idle timeout durations
  • Support for querying the size and utilisation of a QUIC stream’s write buffer
  • Support for RFC 9480 and RFC 9483 extensions to CMP
  • Ability to disable OpenSSL usage of atexit(3) at build time
  • Year 2038-compatible SSL_SESSION APIs
  • Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
  • Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
  • Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
  • Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
  • Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
  • And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.

No further features or API changes are planned for 3.3 beyond those listed above. We will not be accepting any additional features for 3.3; any unmerged feature PRs will now be considered for 3.4.

The release process of OpenSSL 3.3 is being managed by Neil Horman (@nhorman). Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.