The Newest Update in Cryptographic Community – OpenSSL 3.0

The much anticipated release of OpenSSL 3.0 - open-source cryptographic toolkit - has finally happened last week and brings new possibilities and challenges to their users.

17 September 2021

As announced by Matt Caswell – a developer on the OpenSSL Project – in his blog post on September 7th: 

“After 3 years of development work, 17 alpha releases, 2 beta releases, over 7,500 commits and contributions from over 350 different authors we have finally released OpenSSL 3.0!” 

New to OpenSSL?

For those who are not yet familiar with OpenSSL, it is an open-source full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which also functions as a general-purpose cryptography library. 

What to expect from the 3.0?

According to the Caswell, the 3.0 version introduces several new concepts with the main focus on the new FIPS module. 

“A key feature of OpenSSL 3.0 is the new FIPS module. Our lab is testing the module and pulling together the paperwork for our FIPS 140-2 validation now. We expect that to be submitted later this month. The final certificate is not expected to be issued until next year,” says Caswell. 

Developer also warns that as a major release OpenSSL 3.0 is not fully backwards compatible with the previous release. 

“Some applications may need to make changes to compile and work correctly, and many applications will need to be changed to avoid the deprecations warnings,” suggests Caswell. 

For more detailed information check out the full article: 

OpenSSL 3.0 Has Been Released! by Matt Caswell