OpenSSL 4.0.0 Drops Old Protocols, Adds Post-Quantum Crypto

Summary
– OpenSSL 4.0.0 removes long-deprecated features including SSLv3, the SSLv2 Client Hello, and the entire engine API for external cryptography.
– It adds support for Encrypted Client Hello (ECH) to encrypt the initial client connection message and includes new post-quantum cryptography features.
– Significant API changes require code updates, such as making ASN1_STRING opaque and deprecating several time comparison functions.
– Build changes disable support for deprecated elliptic curves by default and remove specific build targets like darwin-i386.
– The release introduces tooling updates, such as replacing the c_rehash script with `openssl rehash` and adding a FIPS self-test deferral option.
The release of OpenSSL 4.0.0 marks a significant step forward for the foundational cryptographic library, introducing critical security enhancements and phasing out legacy components that have long been considered vulnerabilities. This major version update enforces modern security practices by removing deprecated protocols, integrating post-quantum cryptography primitives, and implementing substantial API changes that will require developers to update their integrated applications.
A primary focus of this release is the elimination of outdated and insecure features. Support for the SSLv3 protocol, deprecated nearly a decade ago, has been completely removed. The library also strips out the SSLv2 Client Hello mechanism. Furthermore, the entire engine API, historically used to interface with external cryptographic hardware, is gone. This removal streamlines the codebase and enforces more secure, integrated cryptographic operations by default. Several other deprecated functions have been cut, including old EVP method structures, fixed version SSL/TLS functions, and specific error-state handling routines.
New capabilities are centered on enhancing privacy and future-proofing against advanced threats. The library now supports Encrypted Client Hello (ECH) as defined in RFC 9849. This crucial feature encrypts the initial client hello message during a TLS handshake, preventing passive observers from seeing which server a client intends to connect to, thereby bolstering user privacy. For the coming era of quantum computing, OpenSSL 4.0.0 adds support for new algorithms, including the hybrid key exchange group curveSM2MLKEM768 and the ML-DSA-MU digest. It also integrates the cSHAKE function and enables negotiated FFDHE key exchange in TLS 1.2 connections.
Integrators will need to review their code due to several impactful API and behavior changes. The ASN1_STRING structure is now opaque, and many function signatures, particularly in X.509 certificate processing, have been updated with const qualifiers. A new function, X509_check_certificate_times(), replaces several deprecated time comparison functions. The library's cleanup mechanism has also been altered; OPENSSL_cleanup() now runs in a global destructor instead of via atexit(), and the broken BIO_f_reliable() function has been removed without a direct replacement. Stricter enforcement is applied to certificate and CRL verification when the X509_V_FLAG_X509_STRICT flag is set.
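The removals and API changes above mean that existing integrations need to be audited before they are rebuilt against 4.0.0. The following is an added example, not code from the OpenSSL project or from the article: a small Python script that scans C source for calls the release removed (SSLv3 and fixed-version method functions, the ENGINE_* API, BIO_f_reliable()) and for direct field access on the now-opaque ASN1_STRING. The X509_cmp_time()/X509_cmp_current_time() rule is an assumption about which "time comparison functions" were deprecated, since the article does not name them; the sample source it scans is constructed for the example.

```python
import re
from typing import Dict, List

# Each rule pairs a regex for a pattern OpenSSL 4.0.0 removed or deprecated with
# migration advice. The rules for SSLv3, fixed-version methods, ENGINE_* and
# BIO_f_reliable() follow the release summary; the X509_cmp_* rule is an ASSUMPTION
# about which time comparison functions were deprecated.
RULES: List[Dict[str, object]] = [
    {
        "label": "SSLv3 method (removed)",
        "pattern": re.compile(r"\bSSLv3_(?:client_|server_)?method\s*\("),
        "advice": "use TLS_method() and SSL_CTX_set_min_proto_version()",
    },
    {
        "label": "fixed-version TLS method (removed)",
        "pattern": re.compile(r"\bTLSv1(?:_[12])?_(?:client_|server_)?method\s*\("),
        "advice": "use TLS_method() with min/max protocol version settings",
    },
    {
        "label": "engine API (removed)",
        "pattern": re.compile(r"\bENGINE_\w+\s*\("),
        "advice": "migrate external crypto to a provider",
    },
    {
        "label": "BIO_f_reliable (removed, no replacement)",
        "pattern": re.compile(r"\bBIO_f_reliable\s*\("),
        "advice": "remove; the filter was broken and has no direct replacement",
    },
    {
        # Heuristic: only flag ->data/->length on a line that also mentions ASN1_STRING,
        # to avoid matching unrelated structs.
        "label": "direct ASN1_STRING field access (now opaque)",
        "pattern": re.compile(r"\bASN1_STRING\b.*->\s*(?:data|length)\b"),
        "advice": "use ASN1_STRING_get0_data() and ASN1_STRING_length()",
    },
    {
        "label": "time comparison (assumed deprecated)",
        "pattern": re.compile(r"\bX509_cmp_(?:current_)?time\s*\("),
        "advice": "use X509_check_certificate_times()",
    },
]


def scan_source(text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, rule) match, in source order."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if rule["pattern"].search(line):  # type: ignore[union-attr]
                findings.append(
                    {
                        "line": lineno,
                        "label": rule["label"],
                        "advice": rule["advice"],
                        "code": line.strip(),
                    }
                )
    return findings


def format_report(findings: List[Dict[str, object]]) -> str:
    """Render findings as one 'line: label -> advice' row each."""
    return "\n".join(
        f"line {f['line']}: {f['label']} -> {f['advice']}" for f in findings
    )


# Constructed sample of pre-4.0 C source; the last line already uses the modern API.
SAMPLE_SOURCE = "\n".join(
    [
        "ctx = SSL_CTX_new(SSLv3_method());",
        "ctx = SSL_CTX_new(TLSv1_2_client_method());",
        'ENGINE *e = ENGINE_by_id("pkcs11");',
        "BIO *b = BIO_push(BIO_f_reliable(), in);",
        'ASN1_STRING *cn = X509_NAME_ENTRY_get_data(ne); printf("%.*s", cn->length, cn->data);',
        "if (X509_cmp_current_time(X509_get0_notAfter(cert)) < 0) expired = 1;",
        "ctx = SSL_CTX_new(TLS_method());",
    ]
)

if __name__ == "__main__":
    print(format_report(scan_source(SAMPLE_SOURCE)))
```

Run it against a tree with `scan_source(open(path).read())` per file; a clean result on the last sample line shows that code already on TLS_method() produces no finding. The rules are textual, so they are a triage aid for planning the migration, not a substitute for compiling against the new headers.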
Build configurations and tooling have also been updated. Support for deprecated elliptic curves in TLS is now disabled at compile time by default, though it can be re-enabled. The legacy `c_rehash` script has been formally replaced by the `openssl rehash` command. For FIPS module installations, self-tests can be deferred using a new command-line option. The release drops build targets for older Darwin architectures and provides Windows developers with more control over Visual C++ runtime linkage.
This version represents a necessary evolution, prioritizing robust encryption standards and a streamlined, secure codebase for the future.
(Source: Help Net Security)