We are announcing a change in how communication and collaboration will take place within
the OpenSSL community. Effective August 1st, 2024, the OpenSSL mailing lists will migrate
to Google Groups. This transition is designed to streamline communication channels and
simplify our infrastructure.
Why the change?
Over the years, the combination of Postfix and Mailman has served us well, but it’s time to move on
and explore better options. Google Groups offers several advantages that align with our goals:
Recently, some may have noticed issues (particularly old ones) in the openssl
repository have received an update, having the ‘inactive’ label applied to them
with a comment indicating that they will be closed at the end of the 3.4
development cycle. OpenSSL currently has almost 2000 outstanding issues in its
issue list, many of which have been sitting idle for multiple years. In an
effort to better plan and schedule work for the OpenSSL development team, it has
become increasingly clear that, to do so efficiently, the issue list must be
reduced, so as to better identify those issues which are impacting the larger
user base more visibly for planning purposes.
We are pleased to announce our upcoming webinar, Getting Started with QUIC and OpenSSL.
In this brief yet comprehensive session, we’ll dive into the basics of QUIC and guide you through implementing a simple client using the QUIC OpenSSL API. By the end of this webinar, you’ll have a solid grasp of creating a client application that connects to a server and receives data. Our demo client may be straightforward, but it serves as the perfect playground to explore and observe the QUIC protocol in action. Get ready to see QUIC in motion and discover the tools to monitor its performance effectively!
I’d like to give you a heads-up about some changes we’re making at OpenSSL. We’re simplifying how
you can get our software, and that means we’re phasing out some older methods that don’t quite fit
with the way the web works today.
We are pleased to announce the availability of a feature preview for our OpenSSL
QUIC server functionality. This is an early technology preview which is being
published to seek feedback from our communities.
This preview is now available in the feature/quic-server branch of
the OpenSSL repository on GitHub. Those interested in providing early feedback
on our QUIC server functionality are invited to download and build this branch.
It is important to note that this branch represents a prototype phase at this
time and many aspects of the planned functionality are not yet implemented. In
particular, only a very small subset of the full SSL API is currently
implemented. This preview is being released to enable all of our communities to
provide their feedback as part of the API design process and in order to
validate our requirements prior to the finalisation of the API.
The final release of OpenSSL 3.3 is now live. This is the first release in accordance with our adoption of biannual time-based releases. We would like to thank all those who contributed to the OpenSSL 3.3 release, without whom OpenSSL would not be possible.
OpenSSL 3.3 delivers the following new features:
QUIC qlog diagnostic logging support
Support for the non-blocking polling of multiple QUIC connections or stream objects
Support for optimised generation of end-of-stream frames for QUIC connections
Support for disabling QUIC event processing when making API calls
Support for configuring QUIC idle timeout durations
Support for querying the size and utilisation of a QUIC stream’s write buffer
Support for RFC 9480 and RFC 9483 extensions to CMP
Ability to disable OpenSSL usage of atexit(3) at build time
Year 2038-compatible SSL_SESSION APIs
Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
And more. Please check out CHANGES.md for a full list of changes between OpenSSL 3.2 and OpenSSL 3.3.
OpenSSL 3.3 is a regular release; upon this final release, the one-year Full Support period for regular releases is initiated. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.