OpenSSL 3.2 library has been released
Version 3.2 of the free, open-source OpenSSL library has been released. The library is used to ensure secure connections in computer networks.
Development of OpenSSL 3.2 lasted over 2 years, with over 4000 commits and contributions from 300 different authors.
Among the key features of OpenSSL 3.2 are:
- Compression of TLS certificates.
- Support for TCP Fast Open in Linux, FreeBSD, and macOS systems.
- Support for zlib, Brotli, Zstandard, and SM4-XTS.
- Support for the Argon2 KDF algorithm and the Thread Pool feature.
OpenSSL 3.2 now supports Hybrid Public Key Encryption (HPKE), TLS Raw Public Keys, client-side QUIC (server-side QUIC support will be available in OpenSSL 3.3-3.4), multithreading, digital signature algorithms such as Ed25519ctx, Ed25519ph, and Ed448ph, as well as deterministic ECDSA signatures and AES-GCM-SIV signatures.
In addition, OpenSSL 3.2 includes support for pluggable signature algorithms in TLS 1.3 with CMS and X.509 support, allowing for the use of post-quantum cryptography.
The default security level for SSL/TLS has been changed from 1 to 2. OpenSSL 3.2 also added support for using standard IANA names when configuring TLS ciphers, and implemented support for using the Windows certificate store as a source of trusted root certificates.
Several new features and improvements in CMP protocol support have been introduced. However, there are still some remaining issues, as noted by the OpenSSL developers. In particular, it is not possible to configure pluggable signature algorithms using the SignatureAlgorithms parameter in the configuration file.
The OpenSSL 3.2 release is available for download on the official website. All users are advised to update to the latest version as soon as possible.