OpenSSL 4.0 Alpha 1 Released

The first alpha release of OpenSSL 4.0 is now available for testing. This new version includes several significant changes compared to previous versions.

Key Changes

OpenSSL 4.0 drops support for the SSLv3 protocol, which has been deprecated for more than a decade. OpenSSL engines, an architecture that allowed the integration of hardware accelerators and alternative cryptographic implementations, are also removed.

Among the new features, the introduction of Encrypted Client Hello (ECH) stands out, a technology that aims to improve user privacy by encrypting a part of the initial TLS (Transport Layer Security) negotiation. This prevents network observers from identifying the server a client is trying to connect to.

Implications

The abandonment of SSLv3 is an important step for security, as this protocol is vulnerable to several attacks. The removal of OpenSSL engines may require changes to existing configurations for those who used them. The introduction of ECH represents a significant improvement for user privacy.