OpenSSL Blog

OpenSSL 3.2 Release Candidate

,

The OpenSSL Project is excited to announce our first beta release of OpenSSL 3.2. We consider this to be a release candidate and as such encourage all OpenSSL users to build and test against this beta release and provide feedback.

The code for OpenSSL 3.2 is now functionally complete and at the time of the beta release there were no outstanding known regressions that need to be fixed before the final release. A lot of work has been going on over the last few months getting OpenSSL 3.2 ready for its final release and we want to send thanks to everyone who has helped us.

Our plans for issuing the final release have been postponed. We now plan to release by the end of November 2023. Following this, we will transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

We are nearing the finishing line and are excited about the many new features and changes that OpenSSL 3.2 will bring. Here are some of the highlights:

  • Added client side support for QUIC.
  • Added multiple tutorials on the OpenSSL library and in particular on writing various clients (using TLS and QUIC protocols) with libssl.
  • Added Raw Public Key (RFC7250) support.
  • Added support for certificate compression (RFC8879), including library support for Brotli and Zstandard compression.
  • Implemented Hybrid Public Key Encryption (HPKE) as defined in RFC9180.
  • The default SSL/TLS security level has been changed from 1 to 2.
  • Full support for provider-based/pluggable signature algorithms in TLS 1.3 operations as well as CMS and X.509 data structure support. With a suitable provider this fully enables use of post-quantum/quantum-safe cryptography.
  • Support for Argon2d, Argon2i, Argon2id KDFs has been added along with a basic thread pool implementation for select platforms.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our github page.

Feedback from the community, and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases, please contact us at feedback@openssl.org or on GitHub Discussions

Comments