HelpnetSecurity

OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support


OpenSSL 4.0.0 removes several long-deprecated features, adds support for Encrypted Client Hello, and introduces API-level changes that will require code updates for applications built against older versions.

SSLv3, SSLv2 client hello, and engines are gone

SSLv3 support has been removed. The protocol was deprecated in 2015, and OpenSSL had it disabled by default since version 1.1.0 in 2016. Support for the SSLv2 Client Hello has also been removed.

The engine API, which provided a mechanism for integrating external cryptographic hardware and software implementations, has been removed entirely. The no-engine build option and the OPENSSL_NO_ENGINE macro are now always present. Deprecated custom EVP_CIPHER, EVP_MD, EVP_PKEY, and EVP_PKEY_ASN1 methods have also been cut, along with deprecated fixed SSL/TLS version method functions and the error-state functions ERR_get_state(), ERR_remove_state(), and ERR_remove_thread_state().

Encrypted Client Hello and post-quantum additions

The release adds support for Encrypted Client Hello (ECH) per RFC 9849, which allows the client hello message to be encrypted so passive observers cannot read the server name a client is connecting to.

On the post-quantum side, the release adds the hybrid key exchange group curveSM2MLKEM768, the ML-DSA-MU digest algorithm, the cSHAKE function per NIST SP 800-185, and support for negotiated FFDHE key exchange in TLS 1.2 per RFC 7919.

API and behavior changes that affect integrators

ASN1_STRING has been made opaque. Signatures across a range of API functions, including those used in X.509 processing, now include const qualifiers where applicable. The functions X509_cmp_time(), X509_cmp_current_time(), and X509_cmp_timeframe() have been deprecated in favor of X509_check_certificate_times().

libcrypto no longer cleans up globally allocated data via atexit(). OPENSSL_cleanup() now runs in a global destructor, or not at all by default. BIO_f_reliable() has been removed with no replacement, having been broken since the 3.0 release.

When X509_V_FLAG_X509_STRICT is set, AKID verification checks are now enforced, and the CRL verification process has received additional checks. Lower bounds checks are now enforced when using PKCS5_PBKDF2_HMAC with the FIPS provider.

Build and tooling changes

Support for deprecated elliptic curves in TLS per RFC 8422 and support for explicit EC curves are both disabled at compile time by default, with configuration options available to re-enable each. Build targets for darwin-i386 and darwin-ppc variants have been dropped.

The c_rehash script has been removed in favor of openssl rehash. FIPS self-tests can now be deferred using the -defer_tests option of openssl fipsinstall. On Windows, the release adds support for choosing between static and dynamic Visual C++ runtime linkage.

OpenSSL 4.0.0 is available on GitHub.
