OpenSSL 3.2 Introduces Client-Side QUIC and SSL/TLS Security Level 2 as Default

OpenSSL 3.2, the latest major update to the widely used cryptography and SSL/TLS project, has been released. This update brings numerous new features and improvements to the library.

Some of the key highlights of the OpenSSL 3.2 release include:

  • The default SSL/TLS security level has been increased from 1 to 2, enhancing security for users.
  • Support for client-side QUIC has been added, including multi-stream support. QUIC is a general-purpose transport layer network protocol initially developed by Google and later adopted by the IETF. While OpenSSL 3.2 only offers client-side QUIC support, the plan for OpenSSL 3.3 and 3.4 over the next year is to further enhance this QUIC implementation.
  • Support has been added for Ed25519ctx, Ed25519ph, and Ed448ph.
  • Deterministic ECDSA signatures are now supported.
  • TCP Fast Open is now supported on Linux, macOS, and FreeBSD where available.
  • TLS certificate compression is now supported with Zlib, Brotli, and Zstd.
  • On Windows, support has been added for using the Windows system certificate store as a source of trusted root certificates, although it is not enabled by default.
  • Additional enhancements include support for SM4-XTS, AES-GCM-SIV, Argon2 KDF, Brainpool curves in TLS 1.3, TLS Raw Public Keys, and various other additions.

For downloads and further details on the OpenSSL 3.2 release, visit the official OpenSSL website.

Source: Phoronix.