Blog

The OpenSSL Foundation (primarily focused on non-commercial communities) and the OpenSSL Corporation (primarily focused on commercial communities) are pleased to announce the formation of Business Advisory Committees (BAC), inviting our communities - Distributions, Committers, Small Businesses, Large Businesses, Individuals, and Academics - to actively engage in shaping the future of OpenSSL. These advisory bodies are critical in enhancing our governance structure, ensuring that the decisions reflect the diverse stakeholders involved and that our Mission and Values stay aligned with the community’s needs.

The final release of OpenSSL 3.4 is now live. We would like to thank all those who contributed to the OpenSSL 3.4 release, without whom OpenSSL would not be possible.

OpenSSL 3.4 beta 1 has now been made available.

Our beta releases are considered feature complete for the release, meaning that between now and the final release, only bug fixes are expected (if any). Notable features of this release are available in NEWS.md within the source tarball.

OpenSSL Corporation’s participation as a Silver Sponsor at the International Cryptographic Module Conference (ICMC) 18^th - 20^th September 2024 marked an important milestone in our continued commitment to advancing cryptographic technologies. As a critical player in secure communication, OpenSSL’s involvement highlighted our dedication to fostering collaboration, innovation, and security within the cryptographic community.

OpenSSL is sharing Lightship Security’s latest press release, highlighting the new partnership with the OpenSSL Corporation. Read the full release below:

Lightship Security, an Applus+ Laboratories company and a leading cryptographic security test lab, announces its agreement with the OpenSSL Corporation to provide FIPS 140-3 validation services for the OpenSSL cryptographic library.

Recently NIST published a number of post-quantum algorithm standards (ML-KEM, ML-DSA, and SLH-DSA). With these new NIST publications, OpenSSL is now prepared for implementation.

We’ve recently been receiving a lot of questions about these new standards so we wanted to make our position clear:

Recently, OpenSSL proposed the deprecation of TLS 1.0/1.1 and solicited community feedback on the idea.

Feedback on the proposal was generally split down the middle, with half of the respondents indicating immediate depreciation with near-term removal was acceptable, while the remainder of the respondents with affirmative opinions noted that they represent, or know of products whose environment disallowed updating to TLS1.2 or later, and would need to re-enable the deprecated features for the foreseeable future.

OpenSSL 3.4 alpha 1 has now been made available.

Our Alpha releases are considered feature complete for the release, meaning that between now and the final release, only bug fixes are expected (if any). Notable features of this release are available in CHANGES.md within the source tarball.