The latest iteration of OpenSSL, version 3.3, has been officially rolled out, marking a significant milestone as the inaugural release under OpenSSL’s biannual time-based release strategy. The OpenSSL team extends its heartfelt gratitude to all contributors whose efforts have been instrumental in bringing OpenSSL 3.3 to fruition. Key enhancements introduced in OpenSSL 3.3 include: Provision […]
OpenSSL 3.3 Final Release is now live!
The latest iteration of OpenSSL, version 3.3, has been officially rolled out, marking a significant milestone as the inaugural release under OpenSSL’s biannual time-based release strategy. The OpenSSL team extends its heartfelt gratitude to all contributors whose efforts have been instrumental in bringing OpenSSL 3.3 to fruition.
Key enhancements introduced in OpenSSL 3.3 include:
- Provision of QUIC qlog diagnostic logging support
- Facilitation of non-blocking polling for multiple QUIC connections or stream objects
- Streamlined generation of end-of-stream frames for QUIC connections
- Option to disable QUIC event processing during API calls
- Customizable configuration for QUIC idle timeout durations
- Enhanced capability to ascertain the size and utilization of a QUIC stream’s write buffer
- Incorporation of RFC 9480 and RFC 9483 extensions to CMP
- Flexibility to deactivate OpenSSL usage of atexit(3) during build time
- Integration of SSL_SESSION APIs compatible with the year 2038
- Automated derivation of Chinese Remainder Theorem (CRT) parameters upon request
- Adaptability to accommodate unknown algorithm names in TLS signature algorithm and group configuration strings
- Configuration option for TLS 1.3 servers to prioritize PSK-only key exchange during session resumption
- Introduction of the EVP_DigestSqueeze() API, facilitating multiple squeezes with varied output sizes for SHAKE
- Inclusion of exporters for CMake on Unix and Windows platforms, alongside the pkg-config exporter
For a comprehensive overview of all modifications between OpenSSL 3.2 and OpenSSL 3.3, please refer to the CHANGES.md file.
OpenSSL 3.3 marks the commencement of a standard release cycle, initiating a one-year Full Support phase. During this period, our team diligently addresses bugs and security concerns in accordance with our Stable Release Updates Policy. Following the conclusion of the Full Support phase, the Maintenance Support phase commences, lasting another year, with a primary focus on rectifying security issues while addressing other pertinent bugs at our discretion.
OpenSSL 3.3 Download Pages for Fedora Linux
Looking Ahead to OpenSSL 3.4
Looking ahead, the forthcoming release, OpenSSL 3.4, is currently under the stewardship of Neil Horman (@nhorman). Detailed information regarding the release schedule can be accessed via the new OpenSSL Release Schedule board on GitHub.
For any bug reports or issues concerning OpenSSL, we encourage users to utilize our issue tracker, while queries pertaining to the utilization of OpenSSL 3.3 can be directed to GitHub Discussions.
How to Activate HTTP/2 with TLS 1.3 Encryption in NGINX for Secure Connections without a Performance Penalty
Are you ready for a better security with no performance penalty? Are you ready for a performance bump that can take you places in search engine land? In other words: now that HTTP/2 reached production-grade maturity, nothing should hold you back.
The IoT revolution will make sure that only the paranoid survive.
Is AWS sucking your budget dry? Strip it down to the nitty-gritty (without breaking stuff)
Once provisioned, forever forsaken… far too many cloud resources–be it IaaS, SaaS, PaaS, you name it, XaaS–may be uselessly nibbling away at your or your clients’ budget. Unless your goal is to tighten the belt by hook or by crook, you need a clear view of what is needed and what is not. Before you pull the plug, obviously.
How to attach and mount an NVMe EBS volume on EC2
The versatile advantages of NVMe are becoming increasingly apparent in modern storage systems. You can take advantage of them in the cloud.
SELinux security contexts: correcting SELinux labels on a file system
SELinux can be such a nuisance. In particular, if you have a newly created file system, you will need to add labels to it, also known as SELinux security contexts.
- 1
- 2
- 3
- …
- 18
- Next Page »