
OpenSSL 3.2 was released this morning as the latest major update to this widely-used cryptography and SSL/TLS project.
OpenSSL 3.2 introduces many new features and improvements for this very important library. Among the OpenSSL 3.2 release highlights are:
– The default SSL/TLS security level has been increased from 1 to 2.
– Support for client-side QUIC, including multi-stream support. QUIC is the general-purpose transport layer network protocol that was developed by Google and has since been adopted by the IETF. OpenSSL 3.2 provides only client-side QUIC support, while for OpenSSL 3.3~3.4 over the next year they aim to further complete this QUIC implementation.
– Support for Ed25519ctx, Ed25519ph and Ed448ph.
– Support for deterministic ECDSA signatures.
– Support for TCP Fast Open on Linux, macOS, and FreeBSD where supported.
– Support for TLS certificate compression with Zlib, Brotli, and Zstd.
– On Windows, there is now support for using the Windows system certificate store as a source of trusted root certificates, but it is not yet enabled by default.
– Support for SM4-XTS, AES-GCM-SIV, Argon2 KDF, Brainpool curves in TLS 1.3, TLS Raw Public Keys, and various other additions.
Downloads and more details on the OpenSSL 3.2 release can be found via OpenSSL.org[1].
References
- [1] OpenSSL.org (www.openssl.org)