Cryptography and SSL/TLS Toolkit

Project Roadmap 2016-2018

First issued 7th October 2016
Last modified 20th December 2017

This document is the OpenSSL project roadmap. It is a living document and is expected to change over time. Objectives and dates should be considered aspirational.

Table of Contents:

  1. Objectives
  2. Forthcoming Features


Some of these objectives can be achieved more easily and quickly than others.

TLS 1.3

Interoperable implementation of client and server side of the protocol (Timescale: Next feature release - 1.1.1)


Updated cryptographic module (Timescale: Next feature release - after 1.1.1)

Issues Backlog

  1. Manage all newly submitted issues in a timely manner. An initial classification occurs within two weeks. (Timescale: Now)
  2. Reduce over time the existing issues backlog. This may include the mass closure of very old tickets, such as those raised before the release of any currently supported version. (Timescale: Ongoing)

Incomplete/incorrect documentation

  1. All new public API will be documented (Timescale: Now).
  2. Provide improved documentation for all of the public SSL APIs (excluding deprecated APIs) (Timescale: Within one year).

Improved testing

  1. 67% coverage as measured by Coveralls (Timescale: Within one year).
  2. Significantly improved TLS protocol-level testing (Timescale: Next feature release).

Platform Strategy

  1. Classify all the platforms known by Configure according to the platform policy (Timescale: Next feature release)
  2. Publish the build and test status for each platform (Timescale: Next feature release)

Forthcoming Features

The primary focus of the next feature release (1.1.1) is TLS 1.3.

The primary focus of the immediately following feature release (after 1.1.1) is FIPS.

We are also evaluating the following new features.

  • New AEAD API
  • SHA3
  • X25519 performance improvements
  • New IETF signature algorithms
  • PKCS#11
  • PRNG replacement
  • ASN.1 encoder/decoder replacement
  • STORE (certificate, crl, key storage API)
  • Replace CAPI with newer API engine