We are pleased to announce the availability of a feature preview for our OpenSSL QUIC server functionality. This is an early technology preview which is being published to seek feedback from our communities.

This preview is now available in the feature/quic-server branch of the OpenSSL repository on GitHub. Those interested in providing early feedback on our QUIC server functionality are invited to download and build this branch.

It is important to note that this branch represents a prototype phase at this time and many aspects of the planned functionality are not yet implemented. In particular, only a very small subset of the full SSL API is currently implemented. This preview is being released to enable all of our communities to provide their feedback as part of the API design process and in order to validate our requirements prior to the finalisation of the API.

This branch is intended as a feature preview to support development and testing. It has not yet been subject to ordinary QA processes, is not yet fully RFC-conformant, and is not intended for production use.

A demo program demonstrating usage of the new server API is available here, which is the recommended starting point for those seeking to experiment with this feature preview.

Official support for server-side QUIC functionality is anticipated to be delivered in OpenSSL 3.4, which, as per our time-based releases policy, will be released no later than 31 October 2024.

As always, bug reports and issues can be filed on our issue tracker, and questions about using this feature preview can be posted on GitHub Discussions.

Comments on this release are also welcomed on GitHub Discussions, or via email to feedback@openssl.org.

This year, OpenSSL will be attending RSA Conference 2024, one of the world’s largest cybersecurity events. Throughout May 6-9 in San Francisco, we are seeking to engage with our communities at RSA to better understand their needs and problems.

We look forward to meeting with RSA attendees interested in discussing OpenSSL or related fields. As such, we’d like to invite anyone attending RSA to reach out so that we can meet with them at the conference.

Anyone can book a meetup with OpenSSL at RSA using this form, or alternatively by emailing oss-rsa@openssl.org. While we are particularly interested in hearing from our current and prospective support customers, this invitation is open to anyone who wants to talk to us.

We look forward to meeting with you at RSA Conference 2024. You can also reach out to us at @OpenSSL_ during the conference.

We are pleased to announce our upcoming webinar, Writing a TLS Client.

In this webinar we will cover writing a simple TLS client using the OpenSSL APIs. The webinar will cover how to write an application that connects to a server and securely exchanges data using TLS using the OpenSSL API.

At the end of the webinar we will host a Q&A session, giving you the opportunity to have your questions answered by OpenSSL developers.

Event Details

• Date: April 25, 2024
• Time: 09:00 AM Pacific Time (US and Canada)
• Location: Online (Zoom)

How to Register

To register for the webinar, click here, fill in your details, and you will receive a confirmation email with all the information you will need to join us on the day of the event. You will need to register in order to be able to attend the webinar.

The final release of OpenSSL 3.3 is now live. This is the first release in accordance with our adoption of biannual time-based releases. We would like to thank all those who contributed to the OpenSSL 3.3 release, without whom, OpenSSL would not be possible.

OpenSSL 3.3 delivers the following new features:

• QUIC qlog diagnostic logging support
• Support for the non-blocking polling of multiple QUIC connections or stream objects
• Support for optimised generation of end-of-stream frames for QUIC connections
• Support for disabling QUIC event processing when making API calls
• Support for configuring QUIC idle timeout durations
• Support for querying the size and utilisation of a QUIC stream’s write buffer
• Support for RFC 9480 and RFC 9483 extensions to CMP
• Ability to disable OpenSSL usage of atexit(3) at build time
• Year 2038-compatible SSL_SESSION APIs
• Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
• Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
• Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
• Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
• Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
• And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.

OpenSSL 3.3 is a regular release, upon this final release a one-year Full Support period is initiated for regular releases. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.

The next release will be OpenSSL 3.4. The release process is being managed by Neil Horman (@nhorman). Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.

Bug reports and issues relating to OpenSSL can be filed on our issue tracker, and questions about using OpenSSL 3.3 can be posted on GitHub Discussions.

The OpenSSL Project has returned from spending a week in February sequestered in the beautiful Australian outback discussing the past, current, and future state of the project. This in-person meeting brought together the project’s paid resources and the management committee. Our goal for this meeting was to chart the course for OpenSSL’s future, tackle current challenges, and note our collective achievements. Three project members were unable to participate in person and joined the meetings remotely.

In the 2023 in-person meeting, the project unanimously agreed on a mission and values statement that reflects not only our desire for greater transparency and community engagement, but our commitment to organizational independence, and to our core mission of making secure communications available to everyone. We have achieved many things in 2023 including:

• OpenSSL 3.2 released in November 2023
• Added 7 new full-time resources working on the project
• Creation of regular webinars such as the providers workshops
• Adoption of time-based releases

At this year’s meeting we revisited our mission and values statement, have reconfirmed our belief in the statement, and are now hard at work making sure the mission and values are reflected in all aspects of the project. Keeping that in mind, a recurring theme that was discussed was the importance of community engagement. OpenSSL thrives because of its community, and we explored new strategies to encourage participation and contribution. Stay tuned for further communication from us regarding new initiatives to promote community interaction.

Beyond the sessions, the meeting was a valuable opportunity for team members, many of whom work remotely, to connect in person. These moments of connection are invaluable, strengthening the bonds within the project resources and reinvigorating our collective passion for the project.

Please stay tuned for updates on our progress and how you can contribute to the future of OpenSSL.

The 2024 Face-to-Face meeting was highly productive and we are all eager to see what the future holds for the project. Until next time, keep your data safe and your connections secure.

Please enjoy photos from the meeting.

We are pleased to announce that we have successfully distributed nearly 100 limited edition T-shirts commemorating the 25th anniversary of OpenSSL’s existence.

We appreciate the support of all our communities, users, individual contributors and support customers, without which we would not be able to continue our mission and deliver on our open source values. These continue to drive the success and evolution of OpenSSL, and we couldn’t be more appreciative.

For those who received an anniversary T-shirt, feel free to share a picture of yourself wearing the T-shirt and tag us on social media @openssl_! Thank you once again for celebrating this significant milestone with us.

The beta release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is a beta release, we consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback. It represents the second step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.

The code for OpenSSL 3.3 is now functionally complete and we expect the final release to occur on schedule. We would also like to thank all those who contributed to the OpenSSL 3.3 release, without which as ever OpenSSL would not be possible.

OpenSSL 3.3 will feature the following new features:

• QUIC qlog diagnostic logging support
• Support for the non-blocking polling of multiple QUIC connections or stream objects
• Support for optimised generation of end-of-stream frames for QUIC connections
• Support for disabling QUIC event processing when making API calls
• Support for configuring QUIC idle timeout durations
• Support for querying the size and utilisation of a QUIC stream’s write buffer
• Support for RFC 9480 and RFC 9483 extensions to CMP
• Ability to disable OpenSSL usage of atexit(3) at build time
• Year 2038-compatible SSL_SESSION APIs
• Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
• Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
• Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
• Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
• Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
• And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.

No further features or API changes are planned for 3.3 beyond those listed above. We will not be accepting any additional features for 3.3; any unmerged feature PRs will now be considered for 3.4.

The release process of OpenSSL 3.3 is being managed by Neil Horman (@nhorman). Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.

This year, we had the privilege of participating in FOSDEM for the first time. This offered us an opportunity to engage with the open source community at the conference, share our insights, and learn from the vast pool of knowledge that FOSDEM brings together.

FOSDEM, short for Free and Open Source Software Developers’ European Meeting, is an event that brings together thousands of open source developers, enthusiasts, and professionals from around the world. It’s a festival of knowledge, with workshops, talks, and sessions covering a myriad of topics from software development and security to hardware innovation and beyond.

For OpenSSL, going to FOSDEM gave us the unique opportunity to meet face-to-face with individuals from the varied open source community and share experiences, challenges, and solutions in the realm of open source.

One of the highlights of our participation was the stand we hosted at FOSDEM this year. To celebrate our 25th anniversary we handed out over 300 T-Shirts at FOSDEM. We wanted to give a token to express our gratitude to the incredible open source community that has supported the project throughout the years.

As our mission and values states “We believe in the principles of open source software, not only for its inherent values but also for the transparency and accountability it provides to our security and privacy tools.” Our participation at FOSDEM has reinforced our values and we look forward to continuing our journey in the world of open source.

We are thrilled to announce our upcoming webinar, Writing Your First OpenSSL Application.

This webinar is designed to take you from an understanding of basic cryptography concepts to writing your first secure application using OpenSSL. It’s the perfect starting point for anyone looking to dive into the world of secure application development. Here’s what we’ll cover:

• Define the use cases for which OpenSSL can be used
• How to find documentation to learn how to use OpenSSL in applications
• How to write applications using OpenSSL
• How to test and verify functionality of OpenSSL applications
• How to identify and fix bugs in OpenSSL applications
• Q&A Session: Have your questions answered by our OpenSSL experts. This is a great opportunity to clear up any doubts and gain additional insights.

By the end of this presentation, the audience should be able to match their application needs to OpenSSL library features, find documentation to explain how to leverage those features, create applications using OpenSSL, and learn how to detect and understand errors that may arise.

Event Details

• Date: Mar 28, 2024
• Time: 09:00 AM Pacific Time (US and Canada)
• Location: Online (Zoom)

How to Register

Registering for the webinar is simple. Just click here, fill in your details, and you’ll receive a confirmation email with all the information you’ll need to join us on the day of the event. You will need to register in order to be able to attend the webinar.

Intended Audience

With cyber threats evolving every day, the importance of secure software cannot be overstated. This webinar will provide valuable insights and practical skills to audiences looking to start a career in cybersecurity, aiming to enhance their current skills, or are simply curious about secure application development.

Don’t miss this opportunity to embark on your journey with OpenSSL and secure application development. Register today and take the first step toward mastering the art of writing secure software. See you at the webinar!

Email us at feedback@openssl.org if you have any questions or comments.

The Alpha release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is an alpha release, it is intended for development and testing purposes. It represents the first step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.

OpenSSL 3.3 will feature the following new features:

• QUIC qlog diagnostic logging support
• Support for the non-blocking polling of multiple QUIC connection or stream objects
• Support for optimised generation of end-of-stream frames for QUIC connections
• Support for disabling QUIC event processing when making API calls
• Support for configuring QUIC idle timeout durations
• Support for querying the size and utilisation of a QUIC stream’s write buffer
• RCU lock infrastructure for performance enhancements
• Support for RFC 9480 and RFC 9483 extensions to CMP
• Ability to disable OpenSSL usage of atexit(3) at build time
• Year 2038-compatible SSL_SESSION APIs
• Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
• Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
• Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption

No further features or API changes are planned for 3.3 beyond those listed above. We will not be accepting any additional features for 3.3; any unmerged feature PRs will now be considered for 3.4.

The release process of OpenSSL 3.3 will be managed by Neil Horman (@nhorman). Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.