After three years of development and 19 test releases, the OpenSSL 3.0.0 library has been released, with an implementation of the SSL/TLS protocols and various encryption algorithms. The new branch includes changes that break backward compatibility at the API and ABI level, but they will not affect the operation of most applications, for which a rebuild is sufficient to migrate from OpenSSL 1.1.1. The previous branch, OpenSSL 1.1.1, will be supported until September 2023.
The significant change in the version number is due to the transition to traditional "major.minor.patch" numbering. The first number (major) will change only when compatibility is broken at the API/ABI level, and the second (minor) when functionality is added without changing the API/ABI. Corrective updates will be delivered with a change in the third number (patch). The number 3.0.0 was chosen to follow directly after 1.1.1 to avoid overlap with the FIPS module for OpenSSL, which used 2.x numbering.
The second important change for the project is the move from a dual license (OpenSSL and SSLeay) to the Apache 2.0 license. The previous OpenSSL license was based on the text of the outdated Apache 1.0 license and required an explicit mention of OpenSSL in promotional materials when using the OpenSSL libraries, as well as a special notice when OpenSSL was supplied as part of a product.
These requirements made the old license incompatible with the GPL, which created difficulties when using OpenSSL in GPL-licensed projects. To work around this incompatibility, GPL projects had to apply specific license agreements in which the basic GPL text was supplemented with a clause explicitly allowing the application to be linked with the OpenSSL library and stating that the GPL requirements do not apply to linking with OpenSSL.
Compared to the OpenSSL 1.1.1 branch, OpenSSL 3.0.0 adds more than 7,500 changes prepared by 350 developers. The main innovations in OpenSSL 3.0.0:
- A new FIPS module is proposed, which includes implementations of cryptographic algorithms that meet the FIPS 140-2 security standard (the certification process for the module is planned to begin this month, and the FIPS 140-2 certificate is expected next year). The new module is much easier to use, and connecting it to many applications will be no more difficult than changing the configuration file. By default, the FIPS module is disabled and requires the enable-fips option to be specified for activation.
- in libcrypto