Blog

Implementing HPKE in OpenSSL 3.2

The upcoming OpenSSL 3.2 release will add Hybrid Public Key Encryption (HPKE) to the library.

Hybrid Public Key Encryption (HPKE) is a cryptographic scheme defined in RFC 9180 that provides a flexible and secure way to perform public key encryption in a variety of settings. HPKE combines the security of public key encryption with the flexibility of choosing among different key encapsulation methods, key derivation functions and AEAD ciphers. It is designed for a wide range of applications, including securing communications over the internet and other networked environments.

Implementing HPKE in OpenSSL will help ensure that your public key encryption solution is both effective and reliable for securing data in various applications and environments for the following reasons:

OpenSSL FIPS 140 Update

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is crucial. The OpenSSL project has been at the forefront of cryptographic security for decades, providing a robust toolkit that enables encryption, decryption, and other cryptographic functions. In the continuous pursuit of enhancing security and regulatory compliance, we want to share our updated ambitious FIPS (Federal Information Processing Standards) plans.

New OpenSSL Tutorials for OpenSSL 3.2 Release

We will be releasing a series of new tutorials with the upcoming OpenSSL 3.2 release to help new users of OpenSSL get a quick start on developing applications with the OpenSSL libraries. They will also be helpful to users wanting to try out the new client-side QUIC capabilities.

OpenSSL 1.1.1 End Of Life

The OpenSSL 1.1.1 series has reached its End of Life (EOL). As such, it will no longer receive publicly available security fixes.

OpenSSL announces OpenSSL 3.2 Alpha 1

We are pleased to announce the immediate availability of OpenSSL 3.2 Alpha 1. This release incorporates a number of new features, most notably:

  • Client-side QUIC support, including support for multiple streams (RFC 9000)
  • Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
  • Deterministic ECDSA (RFC 6979)
  • Support for Ed25519ctx, Ed25519ph, Ed448 and Ed448ph (RFC 8032) in addition to existing support for Ed25519
  • AES-GCM-SIV (RFC 8452)
  • Argon2 (RFC 9106) and supporting thread pool functionality
  • HPKE (RFC 9180)
  • The ability to use raw public keys in TLS (RFC 7250)
  • TCP Fast Open (RFC 7413) support, where supported by the OS
  • Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum algorithm providers to use these algorithms with TLS
  • Support for Brainpool curves in TLS 1.3
  • SM4-XTS
  • Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.

OpenSSL announces imminent release of OpenSSL 3.2 Alpha 1

OpenSSL is pleased to announce the imminent release of OpenSSL 3.2 Alpha 1 on 7 September 2023.

As this will be an alpha release, it is intended for development and testing purposes. It represents the first step in our planned release of OpenSSL 3.2.

Depending on the outcome of the alpha process, we hope to make a beta release as soon as two weeks after Alpha 1 is released. The move to beta will represent a feature freeze; therefore, no new feature PRs will be accepted into the 3.2 branch after that point.

OpenSSL Updates: A Few Steps Forward

At OpenSSL, we’re always learning and taking small steps, informed by both fresh ideas and the feedback we receive. Today, we’d like to share a couple of updates we hope will make things clearer and more collaborative for our community.

These updates are part of our effort to align more closely with, and live by, our Mission and Values.

OpenSSL statement on the recent Intel/AMD Downfall/Inception vulnerabilities

Last week marked the public announcement of the Downfall vulnerability in Intel CPUs and the Inception vulnerability in AMD CPUs. Both are microarchitectural side-channel attacks that allow an attacker with unprivileged code execution on the same physical core as a victim process to extract confidential information from that process.

This blog post provides information and advice for users of OpenSSL. Specifically, it provides information on how users of OpenSSL may be affected by these vulnerabilities, and advice for users of OpenSSL on mitigation strategies.

Face-to-face meetings: OTC and Committers

From June 19 to 21, OpenSSL held a face-to-face event in Brno, Czech Republic, for OTC members and contributors. The event provided a valuable platform for productive meetings and discussions, bringing together prominent individuals from the OpenSSL community for robust and enlightening exchanges. It served as a crucial opportunity for introspection and future planning, encouraging open dialogue on various facets of the OpenSSL project.