The OpenSSL Foundation (primarily focused on non-commercial communities) and the OpenSSL Corporation (primarily focused on commercial communities) are pleased to announce the formation of Business Advisory Committees (BAC), inviting our communities - Distributions, Committers, Small Businesses, Large Businesses, Individuals, and Academics - to actively engage in shaping the future of OpenSSL. These advisory bodies are critical in enhancing our governance structure, ensuring that the decisions reflect the diverse stakeholders involved and that our Mission and Values stay aligned with the community’s needs.
The final release of OpenSSL 3.4 is now live. We would like to thank all those who contributed to the OpenSSL 3.4 release, without whom OpenSSL would not be possible.
OpenSSL delivers the following significant new features:
Support for Integrity only cipher suites (RFC 9150)
JITTER RNG support via statically linked jitterentropy library
RFC 5755 Attribute Certificate support
FIPS indicators in support of FIPS 140-3 validation
Improved Base64 BIO input handling and error reporting
XOF Digest size reporting improvements
Windows Registry key-based directory lookup
Support for several X509v3 extensions
Support for position independent executables in the openssl app to support address space layout randomization
Please see the CHANGES.md file in the release for a full list of changes since OpenSSL 3.3
OpenSSL welcomes Amy Parker as the newest member of the
OpenSSL Foundation team. Amy joins us in the
newly created position of Chief Funding Officer, a fundraising role focused on
revenue generation through corporate sponsorship and other
charitable/non-commercial contributions. Funds raised will help the Foundation
continue to deliver on its mission of providing security and privacy tools to
everyone, everywhere.
A strategic leader with more than twenty years of senior-level fundraising
experience, Amy has worked for prestigious educational and cultural institutions
including the Wikimedia Foundation, Smithsonian Institution, The New York Public
Library, and the University of North Carolina at Chapel Hill. She has been part
of several record-setting fundraising campaigns, including the Smithsonian’s
first-ever comprehensive campaign, which raised over $1.8 billion, and the $2
billion Carolina First Campaign, which was one of the 5 largest campaigns in US
higher education at the time.
Our beta releases are considered feature complete for the release, meaning
that between now and the final release, only bug fixes are expected (if any).
Notable features of this release are available in NEWS.md
within the source tarball.
Beta releases are provided to our communities for testing and feedback
purposes. If you use OpenSSL, and particularly if you intend to upgrade to
OpenSSL 3.4 when it is released, we strongly encourage you to download this
beta release, and test it within whatever quality control mechanisms you
have, providing feedback via our GitHub issue page at
http://github.com/openssl/openssl/issues, so that we can address any
shortcomings prior to the final release
OpenSSL Corporation’s participation as a Silver Sponsor at the International Cryptographic Module Conference (ICMC) 18th - 20th September 2024 marked an important milestone in our continued commitment to advancing cryptographic technologies. As a critical player in secure communication, OpenSSL’s involvement highlighted our dedication to fostering collaboration, innovation, and security within the cryptographic community.
ICMC 2024 provided a valuable platform for industry leaders to engage in key discussions surrounding cryptographic standards, challenges, and innovations. Through our sponsorship, OpenSSL contributed to critical dialogues on post-quantum cryptography, regulatory compliance, and developing secure, open-source cryptographic solutions.
OpenSSL is sharing Lightship Security’s latest press release, highlighting the new partnership with the OpenSSL Corporation. Read the full release below:
Lightship Security, an Applus+ Laboratories company and a leading cryptographic security test lab, announces its agreement with the OpenSSL Corporation to provide FIPS 140-3 validation services for the OpenSSL cryptographic library.
The OpenSSL Corporation provides commercial support for users of the OpenSSL Library, a critical component of secure communications in enterprise technologies.
We would like to announce the release of the OpenSSL Performance Benchmarks Dashboard, designed
to track the impact of code changes on performance. The key focus of this dashboard is relative
performance so we can assess how various code modifications affect OpenSSL’s performance across
versions. This helps ensure that we’re aware of any potential performance impacts in advance,
allowing us to maintain or improve efficiency with each update.
You can explore the dashboard here:
OpenSSL Performance Benchmarks Dashboard.
Additionally, it can be conveniently accessed from the main menu of this site under the “Resources”
section.
Recently NIST published a number of post-quantum algorithm standards (ML-KEM,
ML-DSA, and SLH-DSA). With these new NIST publications, OpenSSL is now prepared
for implementation.
We’ve recently been receiving a lot of questions about these new standards so we
wanted to make our position clear:
We intend to implement support for these algorithms in our providers in a
future version of OpenSSL
We are currently putting together our project plans for this, stay tuned for
more information regarding timeline
We invite qualified and skilled individuals to help us implement these
algorithms and integrate them into OpenSSL in accordance with our standards and policies.
From early 2022 a research project made available a test vehicle enabling TLS1.3
and X.509 support for many pre-standard and other experimental post-quantum
algorithms via the OpenSSL provider interface, called
oqs-provider. Its primary
author and maintainer (Michael Baentsch) has now
joined the OpenSSL team with the goal to support an efficient, secure, smooth
and seamless integration of the now standardised post-quantum algorithms from
NIST into the OpenSSL code base. Many lessons learnt from the process of
building and integrating
oqs-provider into
downstream applications will be applied to this process.
Our Alpha releases are considered feature complete for the release, meaning
that between now and the final release, only bug fixes are expected (if any).
Notable features of this release are available in CHANGES.md within the source
tarball.
Alpha releases are provided to our communities for testing and feedback
purposes. If you use OpenSSL, and particularly if you intend to upgrade to
OpenSSL 3.4 when it is released, we strongly encourage you to download this
alpha release, and test it within whatever quality control mechanisms you
have, providing feedback via our GitHub issue page at
http://github.com/openssl/openssl/issues, so that we can address any
shortcomings prior to the final release