OpenSSL 3.1 Series Release Notes

The major changes and known issues for the 3.1 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog.

Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]

OpenSSL 3.1.7 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
  • Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])

Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]

  • Fixed potential use after free after SSL_free_buffers() is called ([CVE-2024-4741])
  • Fixed an issue where checking excessively long DSA keys or parameters may be very slow ([CVE-2024-4603])
  • Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511])

Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]

  • Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
  • Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237])
  • Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
  • Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678])

Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]

  • Mitigate incorrect resize handling for symmetric cipher keys and IVs. ([CVE-2023-5363])

Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023]

  • Fix POLY1305 MAC implementation corrupting XMM registers on Windows ([CVE-2023-4807])

Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]

  • Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
  • Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
  • Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
  • When building with the `enable-fips` option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret and the Hash and HMAC DRBGs will not operate with truncated digests.

Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]

  • Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. ([CVE-2023-2650])
  • Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms ([CVE-2023-1255])
  • Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
  • Fixed handling of invalid certificate policies in leaf certificates ([CVE-2023-0465])
  • Limited the number of nodes created in a policy tree ([CVE-2023-0464])

Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]

  • SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
  • Performance enhancements and new platform support including new assembler code algorithm implementations.
  • Deprecated LHASH statistics functions.
  • FIPS 140-3 compliance changes.