OpenSSL 3.3 Brings Extended QUIC Support and Advanced API Capabilities

OpenSSL 3.3 debuts with advanced QUIC features, improved API functions, new cryptographic options, and more.

The newly released OpenSSL 3.3, the latest version of this fundamental secure communications library, introduces many features, optimizations, and enhancements to boost OpenSSL’s functionality, security, and efficiency. So, let’s take a look at them.

What’s New in OpenSSL 3.3?

  • Enhanced QUIC Protocol Support: OpenSSL 3.3 supports QUIC, a modern transport layer network protocol. Notable additions include qlog support for tracing QUIC connections, APIs for managing QUIC connection idle timeouts, stream creation, and disabling implicit QUIC event processing.
  • Improved Stream Handling and Connectivity: The introduction of the SSL_write_ex2 API allows for optimized end-of-stream signaling within QUIC, complementing the new ability to query QUIC stream buffer sizes and utilization. This version also enables limited polling of QUIC connection and stream objects in non-blocking modes, further enhancing application responsiveness.
  • Cryptography Enhancements: OpenSSL 3.3 expands its cryptographic capabilities with several notable features. The new EVP_DigestSqueeze() API accommodates varying output sizes for SHAKE digest algorithms. Additionally, the BLAKE2s hashing algorithm now supports configurable output lengths, mirroring BLAKE2b’s flexibility. Furthermore, EVP_PKEY_fromdata enhances key derivation functionalities, including support for Chinese Remainder Theorem parameters.
  • Build and Configuration Improvements: This release introduces an exporter for CMake on both Unix and Windows, facilitating easier integration and deployment. It also adds a new atexit configuration switch for managing OPENSSL_cleanup upon library unloading, alongside enhancements in provider activation and loading settings.
  • Security and Protocol Optimizations: OpenSSL 3.3 includes a range of optimizations aimed at various platforms, including Microsoft Azure Cobalt 100, ARM Neoverse, Apple Silicon M3, and RISC-V architectures. These optimizations ensure that OpenSSL remains at the forefront of performance and security across diverse hardware environments.
  • API and Functionality Refinements: Among the myriad of improvements, this release offers new APIs for session time management, ignoring unknown entries in TLS signature algorithms configurations, and managing X509 certificates more effectively in multi-threaded scenarios. Additionally, it introduces a limit on HTTP response headers to enhance client security.

Addressing Compatibility and Security

OpenSSL 3.3 also addresses potential compatibility issues and security concerns. It introduces checks for minimum input string lengths in accordance with ITU-T standards, adjusts the handling of configuration settings, and sets new limits for HTTP client headers. Moreover, it migrates the default hash function from MD5 to SHA256 for HMAC operations.

Bug Fixes and Beyond

This release tackles specific bugs, such as the upper bound limitation of the BIO_get_new_index() function, ensuring that OpenSSL remains reliable and robust. For developers and users keen on leveraging the new QUIC functionalities, the OpenSSL team encourages reviewing the QUIC README file, which offers valuable documentation and example code.

The detailed list of all changes in OpenSSL 3.3 can be found in the project’s changelog.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
