The OpenSSL project is pleased to announce an update to its FIPS 140-2 certificate #4282. The certificate now validates the FIPS provider built from the 3.0.8 and 3.0.9 releases.
OpenSSL 3.1 FIPS Module Has Been Submitted for Validation
On 2023-12-29 we submitted our FIPS 140-3 validation report to NIST’s Cryptographic Module Validation Program (CMVP).
This in no way impacts our existing FIPS 140-2 certificate, which remains valid and will be maintained until its sunset date in September 2026.
OpenSSL's Official YouTube Channel
We are thrilled to announce a major leap forward in our efforts to connect with the community and share valuable insights—OpenSSL now has its own YouTube channel! As a significant milestone in our commitment to transparency, education, and open-source collaboration, this channel will serve as a hub for engaging content, tutorials, and updates straight from the heart of OpenSSL.
What to Expect:
Tutorial Series: Get ready for in-depth tutorials covering a wide range of topics, from OpenSSL basics to advanced usage scenarios. Whether you’re a seasoned developer or just starting, our tutorials will cater to all skill levels.
Security Insights: Stay informed about the latest in cybersecurity with our security-focused videos. Explore best practices, industry trends, and the evolving landscape of digital security.
Subscribe Now: Be among the first to experience the excitement by subscribing to our YouTube channel: @OpenSSL_.
Launch Video: To kick things off, we’ve uploaded all the presentations from our most recent Provider Workshops Users and Authors Track. Watch them here and let us know your thoughts in the comments!
Get Involved: We want this channel to be a collaborative space where the community actively participates. Share your thoughts, suggestions, and ideas for future videos in the comments section or reach out to us at feedback@openssl.org.
Stay Connected: Follow us on Twitter and LinkedIn for real-time updates and announcements related to the YouTube channel.
We are incredibly excited about this new venture and can’t wait to embark on this journey of knowledge sharing and community engagement with all of you. Thank you for your continued support!
Happy watching!
OpenSSL 25 Year Anniversary T-Shirt Giveaway
We are thrilled to announce a special celebration in honor of OpenSSL’s 25th anniversary! Two and a half decades of commitment to security, reliability, and open-source collaboration have made OpenSSL an indispensable tool in the world of digital communication.
To express our gratitude to the incredible community that has supported us throughout the years, we are hosting an exclusive T-Shirt Giveaway! The first 75 people to participate will receive a limited edition OpenSSL 25th-anniversary T-shirt as a token of our appreciation.
How to Participate:
Fill out the entry form with your full name, phone, email, address, and shirt size so we can verify your participation and send you your T-shirt.
Giveaway Details:
Prize: Limited edition OpenSSL 25th-anniversary T-shirt.
Quantity: The first 75 participants who complete all the steps.
Deadline: Submissions open December 20, 2023 and close January 30, 2024 or when we hit 75 participants.
Winners Announcement:
We will notify the recipient via email. Make sure to keep an eye on your inbox and follow us for updates!
Thank you for being a vital part of the OpenSSL journey. Your continued support has made OpenSSL what it is today, and we are excited to celebrate this milestone with you.
Here’s to 25 years of open-source excellence and many more to come!
Contact us at feedback@openssl.org if you have any questions or comments.
OpenSSL Providers Workshop: Authors Track
Part two of the OpenSSL Providers Workshop is next week! We have divided the workshop into two tracks: the Users Track and the Authors Track. Please join us next week for part two of the workshop: Live OpenSSL Providers Workshop: Authors Track. As with the Users Track, we will be hosting two sessions of the Authors Track at different times so that people in different time zones can join our workshops live.
The Authors Track will cover how to write your own OpenSSL provider. This session will assume some basic knowledge about what OpenSSL providers are and how to use them (such as might be obtained from attending the “Users Track” session). It will be split into 4 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.
Learn more and register in advance for the workshop here (please choose the time zone that works best for you):
Session 1: Americas and EMEA Time Zone
When: Dec 11, 2023 04:00 PM Universal Time UTC
Register in advance for this webinar: https://zoom.us/webinar/register/WN_2UqTPnrxQjyUJOzUxOj77w
Session 2: APAC Time Zone
When: Dec 12, 2023 07:00 AM Universal Time UTC
Register in advance for this webinar: https://zoom.us/webinar/register/WN_LNFArIEmQmqbmiLdSuOdOA
After registering, you will receive a confirmation email containing information about joining the webinar.
Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments.
OpenSSL Providers Workshop: Users Track
The long-anticipated OpenSSL Providers Workshop is finally here! We have divided the workshop into two tracks: the Users Track and the Authors Track. Please join us next week for part one of the workshop: Live OpenSSL Providers Workshop: Users Track. Due to worldwide interest, we will be hosting two sessions of the Users Track at different times so that people in different time zones can join our workshops live.
The Users Track will cover how to use OpenSSL providers. It will be split into 3 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.
Learn more and register in advance for the workshop here (please choose the time zone that works best for you):
APAC Time Zone:
When: Dec 6, 2023 07:00 AM Universal Time UTC
Register in advance: https://zoom.us/webinar/register/WN_8ZPx5nkpTEG1fYLWH-StbQ
Americas and EMEA Time Zone:
When: Dec 7, 2023 04:00 PM Universal Time UTC
Register in advance: https://zoom.us/webinar/register/WN_jta40RLSTTei9OF8CINjCA
After registering, you will receive a confirmation email containing information about joining the webinar.
Stay tuned for news about part two of the OpenSSL Providers Workshop: Authors Track.
Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments.
OpenSSL Announces Final Release of OpenSSL 3.2.0
We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:
- Client-side QUIC support, including support for multiple streams (RFC 9000)
- Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
- Deterministic ECDSA (RFC 6979)
- Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032) in addition to existing support for Ed25519 and Ed448
- AES-GCM-SIV (RFC 8452)
- Argon2 (RFC 9106) and supporting thread pool functionality
- HPKE (RFC 9180)
- The ability to use raw public keys in TLS (RFC 7250)
- TCP Fast Open (RFC 7413) support, where supported by the OS
- Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum and other algorithm providers to use those algorithms with TLS
- Support for Brainpool curves in TLS 1.3
- SM4-XTS
- Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.
OpenSSL 3.2 Final Release Postponed
As part of the OpenSSL project’s commitment to deliver a secure and high quality cryptography toolkit, we routinely apply fuzzing to the OpenSSL codebase, which searches automatically for potential bugs in upcoming OpenSSL releases. This fuzzing process runs continuously, so bugs can be identified by our fuzzing infrastructure at any time.
Due to a small number of bugs which have been identified by the ongoing use of fuzzing, the OpenSSL Project has made the decision to postpone the final release of OpenSSL 3.2 by at least a week. While we have promptly fixed all bugs presently identified by fuzzing, to ensure the quality of OpenSSL 3.2, we do not intend to make the final release until all issues identified by fuzzing have been addressed and no new issues are found for one week. As a result, we have pushed the full release of OpenSSL 3.2 to the 23rd November 2023. Please stay tuned to our blog for more details on the matter.
In the meantime, the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.
OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.
A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.
Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our GitHub page.
Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please get in touch with us at feedback@openssl.org or on GitHub Discussions.
Expected OpenSSL 3.2 Release Date
The OpenSSL Project is excited to announce that OpenSSL 3.2 is expected to be fully released on 16th November, 2023.
In the meantime, the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.
OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.
A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.
Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our GitHub page.
Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please contact us at feedback@openssl.org or on GitHub Discussions.
OpenSSL 3.2 Release Candidate
The OpenSSL Project is excited to announce our first beta release of OpenSSL 3.2. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.
The code for OpenSSL 3.2 is now functionally complete and at the time of the beta release there were no outstanding known regressions that need to be fixed before the final release. A lot of work has been going on over the last few months getting OpenSSL 3.2 ready for its final release and we want to send thanks to everyone who has helped us.
Our plans for issuing the final release have been postponed. We now plan to release by the end of November 2023. Following this, we will transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.
We are nearing the finishing line and are excited about the many new features and changes that OpenSSL 3.2 will bring. Here are some of the highlights:
- Added client side support for QUIC.
- Added multiple tutorials on the OpenSSL library and in particular on writing various clients (using TLS and QUIC protocols) with libssl.
- Added Raw Public Key (RFC7250) support.
- Added support for certificate compression (RFC8879), including library support for Brotli and Zstandard compression.
- Implemented Hybrid Public Key Encryption (HPKE) as defined in RFC9180.
- The default SSL/TLS security level has been changed from 1 to 2.
- Full support for provider-based/pluggable signature algorithms in TLS 1.3 operations as well as CMS and X.509 data structure support. With a suitable provider this fully enables use of post-quantum/quantum-safe cryptography.
- Support for Argon2d, Argon2i, Argon2id KDFs has been added along with a basic thread pool implementation for select platforms.
A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.
Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our GitHub page.
Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please contact us at feedback@openssl.org or on GitHub Discussions.