Blog

OpenSSL is soliciting input on a hardening effort for our library. The details can be found here: https://github.com/openssl/openssl/discussions/24321

We are pleased to announce our upcoming webinar, Getting Started with QUIC and OpenSSL.

In this brief yet comprehensive session, we’ll dive into the basics of QUIC and guide you through implementing a simple client using the QUIC OpenSSL API. By the end of this webinar, you’ll have a solid grasp of creating a client application that connects to a server and receives data. Our demo client may be straightforward, but it serves as the perfect playground to explore and observe the QUIC protocol in action. Get ready to see QUIC in motion and discover the tools to monitor its performance effectively!

OpenSSL would like to announce the publication of the final report of a recent security audit conducted on the OpenSSL software library.

I’d like to give you a heads-up about some changes we’re making at OpenSSL. We’re simplifying how you can get our software, and that means we’re phasing out some older methods that don’t quite fit with the way the web works today.

We are pleased to announce the availability of a feature preview for our OpenSSL QUIC server functionality. This is an early technology preview which is being published to seek feedback from our communities.

This preview is now available in the feature/quic-server branch of the OpenSSL repository on GitHub. Those interested in providing early feedback on our QUIC server functionality are invited to download and build this branch.

It is important to note that this branch represents a prototype phase at this time and many aspects of the planned functionality are not yet implemented. In particular, only a very small subset of the full SSL API is currently implemented. This preview is being released to enable all of our communities to provide their feedback as part of the API design process and in order to validate our requirements prior to the finalisation of the API.

We are pleased to announce our upcoming webinar, Writing a TLS Client.

The final release of OpenSSL 3.3 is now live. This is the first release in accordance with our adoption of biannual time-based releases. We would like to thank all those who contributed to the OpenSSL 3.3 release, without whom, OpenSSL would not be possible.

OpenSSL 3.3 delivers the following new features:

• QUIC qlog diagnostic logging support
• Support for the non-blocking polling of multiple QUIC connections or stream objects
• Support for optimised generation of end-of-stream frames for QUIC connections
• Support for disabling QUIC event processing when making API calls
• Support for configuring QUIC idle timeout durations
• Support for querying the size and utilisation of a QUIC stream’s write buffer
• Support for RFC 9480 and RFC 9483 extensions to CMP
• Ability to disable OpenSSL usage of atexit(3) at build time
• Year 2038-compatible SSL_SESSION APIs
• Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
• Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
• Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
• Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
• Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
• And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.

OpenSSL 3.3 is a regular release, upon this final release a one-year Full Support period is initiated for regular releases. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.

We are pleased to announce that we have successfully distributed nearly 100 limited edition T-shirts commemorating the 25th anniversary of OpenSSL’s existence.

We appreciate the support of all our communities, users, individual contributors and support customers, without which we would not be able to continue our mission and deliver on our open source values. These continue to drive the success and evolution of OpenSSL, and we couldn’t be more appreciative.

The beta release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is a beta release, we consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback. It represents the second step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.

This year, we had the privilege of participating in FOSDEM for the first time. This offered us an opportunity to engage with the open source community at the conference, share our insights, and learn from the vast pool of knowledge that FOSDEM brings together.

FOSDEM, short for Free and Open Source Software Developers’ European Meeting, is an event that brings together thousands of open source developers, enthusiasts, and professionals from around the world. It’s a festival of knowledge, with workshops, talks, and sessions covering a myriad of topics from software development and security to hardware innovation and beyond.