We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:
- Client-side QUIC support, including support for multiple streams (RFC 9000)
- Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
- Deterministic ECDSA (RFC 6979)
- Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032) in addition to existing support for Ed25519 and Ed448
- AES-GCM-SIV (RFC 8452)
- Argon2 (RFC 9106) and supporting thread pool functionality
- HPKE (RFC 9180)
- The ability to use raw public keys in TLS (RFC 7250)
- TCP Fast Open (RFC 7413) support, where supported by the OS
- Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum and other algorithm providers to use those algorithms with TLS
- Support for Brainpool curves in TLS 1.3
- SM4-XTS
- Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.