Key Features in OpenSSH 9.9

The latest iteration of OpenSSL, version 3.3, has been officially rolled out, marking a significant milestone as the inaugural release under OpenSSL’s biannual time-based release strategy. The OpenSSL team extends its heartfelt gratitude to all contributors whose efforts have been instrumental in bringing OpenSSL 3.3 to fruition.

Key enhancements introduced in OpenSSL 3.3 include:

• Provision of QUIC qlog diagnostic logging support
• Facilitation of non-blocking polling for multiple QUIC connections or stream objects
• Streamlined generation of end-of-stream frames for QUIC connections
• Option to disable QUIC event processing during API calls
• Customizable configuration for QUIC idle timeout durations
• Enhanced capability to ascertain the size and utilization of a QUIC stream’s write buffer
• Incorporation of RFC 9480 and RFC 9483 extensions to CMP
• Flexibility to deactivate OpenSSL usage of atexit(3) during build time
• Integration of SSL_SESSION APIs compatible with the year 2038
• Automated derivation of Chinese Remainder Theorem (CRT) parameters upon request
• Adaptability to accommodate unknown algorithm names in TLS signature algorithm and group configuration strings
• Configuration option for TLS 1.3 servers to prioritize PSK-only key exchange during session resumption
• Introduction of the EVP_DigestSqueeze() API, facilitating multiple squeezes with varied output sizes for SHAKE
• Inclusion of exporters for CMake on Unix and Windows platforms, alongside the pkg-config exporter

For a comprehensive overview of all modifications between OpenSSL 3.2 and OpenSSL 3.3, please refer to the CHANGES.md file.

OpenSSL 3.3 marks the commencement of a standard release cycle, initiating a one-year Full Support phase. During this period, our team diligently addresses bugs and security concerns in accordance with our Stable Release Updates Policy. Following the conclusion of the Full Support phase, the Maintenance Support phase commences, lasting another year, with a primary focus on rectifying security issues while addressing other pertinent bugs at our discretion.

OpenSSL 3.3 Download Pages for Fedora Linux

Fedora Rawhide – 3.2.1-6.fc41

Fedora 40 – 3.2.1-2.fc40

Fedora 39 3.1.1-4.fc39

Fedora 38 3.0.9-2.fc38

Looking Ahead to OpenSSL 3.4

Looking ahead, the forthcoming release, OpenSSL 3.4, is currently under the stewardship of Neil Horman (@nhorman). Detailed information regarding the release schedule can be accessed via the new OpenSSL Release Schedule board on GitHub.

For any bug reports or issues concerning OpenSSL, we encourage users to utilize our issue tracker, while queries pertaining to the utilization of OpenSSL 3.3 can be directed to GitHub Discussions.