We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL
3.2.0 is the first General Availability release of the OpenSSL 3.2 release line,
and incorporates a number of new features, including:
- Client-side QUIC support, including support for multiple streams (RFC 9000)
- Certificate compression in TLS (RFC 8879), including support for zlib, zstd
and Brotli - Deterministic ECDSA (RFC 6979)
- Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032)
in addition to existing support for Ed25519 and Ed448 - AES-GCM-SIV (RFC 8452)
- Argon2 (RFC 9106) and supporting thread pool functionality
- HPKE (RFC 9180)
- The ability to use raw public keys in TLS (RFC 7250)
- TCP Fast Open (RFC 7413) support, where supported by the OS
- Support for provider-based pluggable signature schemes in TLS,
enabling third-party post-quantum and other algorithm providers to use those
algorithms with TLS - Support for Brainpool curves in TLS 1.3
- SM4-XTS
- Support for using the Windows system certificate store as a source of trusted
root certificates. This is not yet enabled by default and must be activated
using an environment variable. This is likely to become enabled by default
in a future feature release.
A complete summary of the major new features and significant changes in OpenSSL
3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL
3.2 can be found in the CHANGES file on GitHub.
Users interested in using the new QUIC functionality are encouraged to read the
README file for QUIC, which provides links to relevant documentation and
example code.
OpenSSL 3.2.0 can be downloaded as a source tarball here or obtained
from our release tag on GitHub. Checksums and release signatures may be found
on the Downloads page.
The next feature release after OpenSSL 3.2 will be OpenSSL 3.3, which will be
released no later than 30 April 2024. This release
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: