The final release of OpenSSL 3.3 is now live. This is the first release in accordance with our adoption of biannual time-based releases. We would like to thank all those who contributed to the OpenSSL 3.3 release, without whom, OpenSSL would not be possible.
OpenSSL 3.3 delivers the following new features:
QUIC qlog diagnostic logging support
Support for the non-blocking polling of multiple QUIC connections or stream objects
Support for optimised generation of end-of-stream frames for QUIC connections
Support for disabling QUIC event processing when making API calls
Support for configuring QUIC idle timeout durations
Support for querying the size and utilisation of a QUIC stream’s write buffer
Support for RFC 9480 and RFC 9483 extensions to CMP
Ability to disable OpenSSL usage of atexit(3) at build time
Year 2038-compatible SSL_SESSION APIs
Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.
OpenSSL 3.3 is a regular release, upon this final release a one-year Full Support period is initiated for regular releases. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.
We are pleased to announce that we have successfully distributed nearly 100 limited edition T-shirts commemorating the 25th anniversary of OpenSSL’s existence.
We appreciate the support of all our communities, users, individual contributors and support customers, without which we would not be able to continue our mission and deliver on our open source values. These continue to drive the success and evolution of OpenSSL, and we couldn’t be more appreciative.
The beta release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is a beta release, we consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback. It represents the second step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.
This year, we had the privilege of participating in FOSDEM for the first time. This offered us an opportunity to engage with the open source community at the conference, share our insights, and learn from the vast pool of knowledge that FOSDEM brings together.
![Photo of OpenSSL FOSDEM 2024 attendees] (/images/blog/FOSDEM_24.jpg)
FOSDEM, short for Free and Open Source Software Developers’ European Meeting, is an event that brings together thousands of open source developers, enthusiasts, and professionals from around the world. It’s a festival of knowledge, with workshops, talks, and sessions covering a myriad of topics from software development and security to hardware innovation and beyond.
We are thrilled to announce our upcoming webinar, Writing Your First OpenSSL Application.
This webinar is designed to take you from an understanding of basic cryptography concepts to writing your first secure application using OpenSSL. It’s the perfect starting point for anyone looking to dive into the world of secure application development. Here’s what we’ll cover:
Define the use cases for which OpenSSL can be used
How to find documentation to learn how to use OpenSSL in applications
How to write applications using OpenSSL
How to test and verify functionality of OpenSSL applications
How to identify and fix bugs in OpenSSL applications
Q&A Session: Have your questions answered by our OpenSSL experts. This is a great opportunity to clear up any doubts and gain additional insights.
By the end of this presentation, the audience should be able to match their application needs to OpenSSL library features, find documentation to explain how to leverage those features, create applications using OpenSSL, and learn how to detect and understand errors that may arise.
The Alpha release of OpenSSL 3.3 is now live. This release is in accordance with our adoption of biannual time-based releases. As this is an alpha release, it is intended for development and testing purposes. It represents the first step in our planned release of OpenSSL 3.3. To view the full 3.3 release schedule please refer to this blog.
OpenSSL 3.3 will feature the following new features:
QUIC qlog diagnostic logging support
Support for the non-blocking polling of multiple QUIC connection or stream objects
Support for optimised generation of end-of-stream frames for QUIC connections
Support for disabling QUIC event processing when making API calls
Support for configuring QUIC idle timeout durations
Support for querying the size and utilisation of a QUIC stream’s write buffer
RCU lock infrastructure for performance enhancements
Support for RFC 9480 and RFC 9483 extensions to CMP
Ability to disable OpenSSL usage of atexit(3) at build time
Year 2038-compatible SSL_SESSION APIs
Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
No further features or API changes are planned for 3.3 beyond those listed above. We will not be accepting any additional features for 3.3; any unmerged feature PRs will now be considered for 3.4.
We are pleased to announce our schedule for the April release of OpenSSL 3.3. In
accordance with our adoption of biannual time-based releases following the
release of OpenSSL 3.2, this will be our first time-based release.
The release schedule is as follows:
An alpha of OpenSSL 3.3 will be made on 20 March 2024.
A beta of OpenSSL 3.3 will then be made on 29 March 2024.
The expected final release date for OpenSSL 3.3.0 is 10 April 2024.
Backup release dates are 17 April 2024 and 24 April 2024.
Exciting news in the world of online security! NetApp, an intelligent data infrastructure company, is now a Gold Sponsor of OpenSSL, showing their strong support for making the internet a safer place for everyone.
NetApp’s sponsorship brings valuable resources to OpenSSL, enabling the project to accelerate development, conduct thorough security audits, and ensure ongoing maintenance and support. In return, NetApp gains access to cutting-edge cryptographic technologies, contributing to the enhancement of its own security solutions and reinforcing its position as a leader in data management.
In the fast-paced world of cybersecurity, the ability to secure digital assets is paramount. We’re excited to announce our upcoming webinar, “Getting Started with OpenSSL,” which is designed to provide attendee’s with a solid foundation in using OpenSSL to enhance the security of their applications and systems. Join us for this webinar and learn all about OpenSSL’s purpose, features, and components.
Why Attend?
Empower Yourself: Gain practical skills to implement OpenSSL in your projects.
Community Engagement: Connect with a community of security-conscious individuals.
The OpenSSL project is pleased to announce an update to its FIPS 140-2
certificate #4282. The certificate now validates the FIPS
provider built from the 3.0.8 and 3.0.9 releases.