OpenSSL Blog

OpenSSL 3.3 Final Release Live

Posted by Kajal Sapkota ,

The final release of OpenSSL 3.3 is now live. This is the first release in accordance with our adoption of biannual time-based releases. We would like to thank all those who contributed to the OpenSSL 3.3 release, without whom, OpenSSL would not be possible.

OpenSSL 3.3 delivers the following new features:

  • QUIC qlog diagnostic logging support
  • Support for the non-blocking polling of multiple QUIC connections or stream objects
  • Support for optimised generation of end-of-stream frames for QUIC connections
  • Support for disabling QUIC event processing when making API calls
  • Support for configuring QUIC idle timeout durations
  • Support for querying the size and utilisation of a QUIC stream’s write buffer
  • Support for RFC 9480 and RFC 9483 extensions to CMP
  • Ability to disable OpenSSL usage of atexit(3) at build time
  • Year 2038-compatible SSL_SESSION APIs
  • Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
  • Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
  • Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
  • Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
  • Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
  • And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.

OpenSSL 3.3 is a regular release, upon this final release a one-year Full Support period is initiated for regular releases. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.

The next release will be OpenSSL 3.4. The release process is being managed by Neil Horman (@nhorman). Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.

Bug reports and issues relating to OpenSSL can be filed on our issue tracker, and questions about using OpenSSL 3.3 can be posted on GitHub Discussions.