OpenSSL Blog

OpenSSL 3.2 Final Release Postponed

,

As part of the OpenSSL project’s commitment to deliver a secure and high quality cryptography toolkit, we routinely apply fuzzing to the OpenSSL codebase, which searches automatically for potential bugs in upcoming OpenSSL releases. This fuzzing process runs continuously and on an ongoing basis and as such, bugs can be identified by our fuzzing infrastructure at any time.

Due to a small number of bugs which have been identified by the ongoing use of fuzzing, the OpenSSL Project has made the decision to postpone the final release of OpenSSL 3.2 by at least a week. While we have promptly fixed all bugs presently identified by fuzzing, to ensure the quality of OpenSSL 3.2, we do not intend to make the final release until all issues identified by fuzzing have been addressed and no new issues are found for one week. As a result, we have pushed the full release of OpenSSL 3.2 to the 23rd November 2023. Please stay tuned to our blog for more details on the matter.

In the meantime, the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.

OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our GitHub page.

Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please get in touch with us at feedback@openssl.org or on GitHub Discussions

Expected OpenSSL 3.2 Release Date

,

The OpenSSL Project is excited to announce that OpenSSL 3.2 is expected to be fully released on 16th November, 2023.

In the meantime the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.

OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our github page.

Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please contact us at feedback@openssl.org or on GitHub Discussions

OpenSSL 3.2 Release Candidate

,

The OpenSSL Project is excited to announce our first beta release of OpenSSL 3.2. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.

The code for OpenSSL 3.2 is now functionally complete and at the time of the beta release there were no outstanding known regressions that need to be fixed before the final release. A lot of work has been going on over the last few months getting OpenSSL 3.2 ready for its final release and we want to send thanks to everyone who has helped us.

Our plans for issuing the final release have been postponed. We now plan to release by the end of November 2023. Following this, we will transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

We are nearing the finishing line and are excited about the many new features and changes that OpenSSL 3.2 will bring. Here are some of the highlights:

  • Added client side support for QUIC.
  • Added multiple tutorials on the OpenSSL library and in particular on writing various clients (using TLS and QUIC protocols) with libssl.
  • Added Raw Public Key (RFC7250) support.
  • Added support for certificate compression (RFC8879), including library support for Brotli and Zstandard compression.
  • Implemented Hybrid Public Key Encryption (HPKE) as defined in RFC9180.
  • The default SSL/TLS security level has been changed from 1 to 2.
  • Full support for provider-based/pluggable signature algorithms in TLS 1.3 operations as well as CMS and X.509 data structure support. With a suitable provider this fully enables use of post-quantum/quantum-safe cryptography.
  • Support for Argon2d, Argon2i, Argon2id KDFs has been added along with a basic thread pool implementation for select platforms.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our github page.

Feedback from the community, and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases, please contact us at feedback@openssl.org or on GitHub Discussions

OpenSSL Adds Support for Raw Public Key (RFC7250)

,

Raw Public Keys have emerged as a component for securing communications between clients and servers. Raw Public Keys, as defined in RFC 7250, play a role in ensuring the confidentiality, integrity, and authenticity of data exchanged over the web. As a result OpenSSL will be adding support for Raw Public Keys in the upcoming OpenSSL 3.2.

Raw Public Keys are a cryptographic mechanism used in public key infrastructure (PKI) systems. They are a way of representing a public key without the associated digital certificate, which contains additional information like the owner’s identity, expiration date, and digital signatures from a certificate authority. This makes Raw Public Keys more lightweight and efficient, especially in resource-constrained environments.

Implementing HPKE in OpenSSL 3.2

,

The upcoming OpenSSL 3.2 will be implementing Hybrid Public Key Encryption (HPKE) into the library.

Hybrid Public Key Encryption (HPKE) is a cryptographic protocol defined in RFC 9180 (Request for Comments) that aims to provide a flexible and secure way to perform public key encryption in various scenarios. HPKE combines the security of public key encryption with the flexibility of using different key exchange methods and encryption schemes. This protocol is designed to be used in a wide range of applications, including securing communications over the internet and other networked environments.

Implementing HPKE in OpenSSL will help ensure that your public key encryption solution is both effective and reliable for securing data in various applications and environments for the following reasons:

OpenSSL FIPS 140 Update

,

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is crucial. The OpenSSL project has been at the forefront of cryptographic security for decades, providing a robust toolkit that enables encryption, decryption, and other cryptographic functions. In the continuous pursuit of enhancing security and regulatory compliance, we want to share our updated ambitious FIPS (Federal Information Processing Standards) plans.

New OpenSSL Tutorials for OpenSSL 3.2 Release

,

We will be releasing a series of new tutorials in the upcoming OpenSSL 3.2 release to help new users of OpenSSL get a quick start on developing applications using the OpenSSL libraries. They will also be helpful to users wanting to try out the new client side QUIC capabilities.

OpenSSL Project Update at ICMC 23

,

As you may know the OpenSSL Project recently attended ICMC 23 where we were given the opportunity to update our peers about the rapid fundamental changes the project has gone through in 2023.

To summarize here are the key takeaways from our presentation:

OpenSSL at ICMC 23

,

As a part of our mission to be more open and engaged with our community, OpenSSL is pleased to announce we will be attending the International Cryptographic Module Conference 2023 or ICMC 2023 in Ottawa, Canada this week. ICMC 23 is building on a decade of cybersecurity thought leadership as the industry faces widespread changes and emerging threats in commercial cryptography.