On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST’s Cryptographic Module Validation Program (CMVP).
This in no way impacts our existing FIPS 140-2 certificate which remains valid and will be maintained until its sunset date in September 2026.
We are thrilled to announce a major leap forward in our efforts to connect with the community and share valuable insights—OpenSSL now has its own YouTube channel! As a significant milestone in our commitment to transparency, education, and open-source collaboration, this channel will serve as a hub for engaging content, tutorials, and updates straight from the heart of OpenSSL.
What to Expect:
Tutorial Series: Get ready for in-depth tutorials covering a wide range of topics, from OpenSSL basics to advanced usage scenarios. Whether you’re a seasoned developer or just starting, our tutorials will cater to all skill levels.
We are thrilled to announce a special celebration in honor of OpenSSL’s 25th anniversary! Two and a half decades of commitment to security, reliability, and open-source collaboration have made OpenSSL an indispensable tool in the world of digital communication.
To express our gratitude to the incredible community that has supported us throughout the years, we are hosting an exclusive T-Shirt Giveaway! The first 75 people to participate will receive a limited edition OpenSSL 25th-anniversary T-shirt as a token of our appreciation.
Part two of the OpenSSL Providers Workshop is next week! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part two of the workshop: Live OpenSSL Providers Workshop: Authors Track. As with the Users Track, we will be hosting two sessions of the Authors Track at different times to allow people from different time zones to be able to join our workshops live.
The long anticipated OpenSSL Providers Workshop is finally here! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part one of the workshop: Live OpenSSL Providers Workshop: Users Track. Due to world wide interest, we will be hosting two sessions of the Users Track at different times to allow people from different time zones to be able to join our workshops live.
We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:
As part of the OpenSSL project’s commitment to deliver a secure and high quality cryptography toolkit, we routinely apply fuzzing to the OpenSSL codebase, which searches automatically for potential bugs in upcoming OpenSSL releases. This fuzzing process runs continuously and on an ongoing basis and as such, bugs can be identified by our fuzzing infrastructure at any time.
Due to a small number of bugs which have been identified by the ongoing use of fuzzing, the OpenSSL Project has made the decision to postpone the final release of OpenSSL 3.2 by at least a week. While we have promptly fixed all bugs presently identified by fuzzing, to ensure the quality of OpenSSL 3.2, we do not intend to make the final release until all issues identified by fuzzing have been addressed and no new issues are found for one week. As a result, we have pushed the full release of OpenSSL 3.2 to the 23rd November 2023. Please stay tuned to our blog for more details on the matter.
The OpenSSL Project is excited to announce that OpenSSL 3.2 is expected to be fully released on 16th November, 2023.
In the meantime the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.
OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.
The OpenSSL Project is excited to announce our first beta release of OpenSSL 3.2. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.
The code for OpenSSL 3.2 is now functionally complete and at the time of the beta release there were no outstanding known regressions that need to be fixed before the final release. A lot of work has been going on over the last few months getting OpenSSL 3.2 ready for its final release and we want to send thanks to everyone who has helped us.
Raw Public Keys have emerged as a component for securing communications between clients and servers. Raw Public Keys, as defined in RFC 7250, play a role in ensuring the confidentiality, integrity, and authenticity of data exchanged over the web. As a result OpenSSL will be adding support for Raw Public Keys in the upcoming OpenSSL 3.2.
Raw Public Keys are a cryptographic mechanism used in public key infrastructure (PKI) systems. They are a way of representing a public key without the associated digital certificate, which contains additional information like the owner’s identity, expiration date, and digital signatures from a certificate authority. This makes Raw Public Keys more lightweight and efficient, especially in resource-constrained environments.