OpenSSL 3.0 Has Been Released!
After 3 years of development work, 17 alpha releases, 2 beta releases, over
7,500 commits and contributions from over 350 different authors we have finally
released OpenSSL 3.0! In addition to this there has been a large number of
contributions from our users who have been actively working with the pre-release
versions to test it, make sure it works in the real world and with a large array
of different applications and reporting their results. I am also delighted to
note that there has been a 94% increase in the amount of documentation that we
have since OpenSSL 1.1.1 and an (adjusted) increase in the “lines of code” in
our tests of 54%. There has never been a better demonstration of what an active
and enthusiastic community we have than when you look at the statistics for the
OpenSSL 3.0 development work. Thanks to everyone who has taken part – no matter
how small that part was.
The OpenSSL project is fortunate to have had a number of full time engineers who
worked towards OpenSSL 3.0, financed in a number of ways. We would like to
extend thanks to all the companies that have support contracts with us; have
sponsored specific features such as FIPS; the companies that provide sponsorship
donations; and the organisations
and individuals who donate through
GitHub sponsors. Without your help, we
would not be where we are today.
Please download OpenSSL 3.0 from here and
upgrade your applications to work with it. OpenSSL 3.0 is a major release and
not fully backwards compatible with the previous release. Most applications that
worked with OpenSSL 1.1.1 will still work unchanged and will simply need to be
recompiled (although you may see numerous compilation warnings about using
deprecated APIs). Some applications may need to make changes to compile and work
correctly, and many applications will need to be changed to avoid the
deprecations warnings. We have put together a
migration guide
to describe the major differences in OpenSSL 3.0 compared to previous releases.
API functions that have been deprecated will eventually be removed from OpenSSL
in some future release, so it is recommended that applications be updated to
use alternative APIs to avoid these deprecated functions. Refer to the
migration guide for information on alternatives.
OpenSSL 3.0 introduces a number of new concepts that application developers and
users of OpenSSL should be aware of. An overview of the key concepts in
libcrypto is available in the
libcrypto manual
page.
A key feature of OpenSSL 3.0 is the new FIPS module. Our lab is testing the
module and pulling together the paperwork for our FIPS 140-2 validation now. We
expect that to be submitted later this month. The final certificate is not
expected to be issued until next year.
Using the the new FIPS module in your applications can be as simple as making
some configuration file changes, although many applications will need to make
other changes. The FIPS module
manual page
provides information on how to use the FIPS module in your applications.
Also worthy of note is the new license. From OpenSSL 3.0 we have transitioned to
the Apache License 2.0.
The old “dual” OpenSSL and SSLeay licenses still apply to older versions (1.1.1
and earlier).
Please let us know how you get on with OpenSSL 3.0. If you encounter problems
then please feel free to raise bug reports
here.OpenSSL BlogRead More