OpenSSL 3.4 Introduces New APIs, FIPS Updates

OpenSSL 3.4 brings new cryptographic features, including integrity-only cipher suites for TLS 1.3, ECC optimizations, and FIPS provider updates.

OpenSSL has released version 3.4, which introduces some important modifications and is potentially incompatible with OpenSSL 3.3 in some cases.

Among the major changes, the “TS_VERIFY_CTX_set_*” functions have been deprecated in favor of new “TS_VERIFY_CTX_set0_*” replacements, which promise improved semantics.

Windows users will also see a redesign in how OPENSSLDIR, ENGINESDIR, and MODULESDIR directories are used: these locations can now be defined at runtime using registry keys, as opposed to the previous build-time configuration.

Other changes include updates to the SHAKE-128 and SHAKE-256 algorithms. These now require an explicit setting of their output length, making them unusable with “EVP_DigestFinal/_ex()” without setting the “xoflen” parameter. Meanwhile, the X25519 and X448 key exchange implementations in the FIPS provider are currently unapproved, flagged with a “fips=no” property.
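The SHAKE change above comes down to one property of an extendable-output function (XOF): it has no fixed digest size, so the caller must always say how many bytes it wants, and two parties comparing SHAKE outputs must agree on that length. The following is an added example, not code from the article or from the OpenSSL project; it uses Python's standard `hashlib` (whose `digest(length)` call plays the role of OpenSSL's `xoflen` parameter) rather than the OpenSSL C API, and the function and parameter names are my own.

```python
import hashlib
import hmac

# Added example: SHAKE output length must be chosen explicitly by the caller.
# hashlib's shake_128/shake_256 objects require a length argument to digest(),
# which mirrors OpenSSL 3.4's requirement to set "xoflen" before finalizing.

def shake_digest(data: bytes, out_len: int, variant: str = "shake_128") -> bytes:
    """Return out_len bytes of SHAKE output for data.

    variant is "shake_128" or "shake_256"; out_len is in bytes and has no
    default, because an XOF has no single natural output size.
    """
    if variant not in ("shake_128", "shake_256"):
        raise ValueError("variant must be shake_128 or shake_256")
    if out_len <= 0:
        raise ValueError("XOF output length must be a positive byte count")
    h = hashlib.new(variant)
    h.update(data)
    return h.digest(out_len)  # length is mandatory for XOFs


def is_prefix_consistent(data: bytes, short_len: int, long_len: int,
                         variant: str = "shake_128") -> bool:
    """True if the shorter SHAKE output is a prefix of the longer one.

    This is the defining XOF property: the squeezed stream is the same
    regardless of how much of it you ask for.
    """
    short = shake_digest(data, short_len, variant)
    long = shake_digest(data, long_len, variant)
    return long.startswith(short)


def tags_match(data: bytes, expected_tag: bytes, variant: str = "shake_256") -> bool:
    """Recompute a SHAKE-derived tag at the length of expected_tag and compare.

    The verifier derives the output length from the tag it was given; if the
    two sides disagreed on the length, the comparison fails rather than
    silently comparing a truncated prefix. Comparison is constant-time.
    """
    recomputed = shake_digest(data, len(expected_tag), variant)
    return hmac.compare_digest(recomputed, expected_tag)


if __name__ == "__main__":
    msg = b"constructed sample message"      # constructed input, not real data
    tag32 = shake_digest(msg, 32, "shake_256")
    tag16 = shake_digest(msg, 16, "shake_256")
    print("32-byte tag:", tag32.hex())
    print("prefix-consistent:", is_prefix_consistent(msg, 16, 64, "shake_256"))
    print("same length verifies:", tags_match(msg, tag32))
    # A 16-byte tag padded to 32 bytes is not the 32-byte output: length matters.
    print("padded short tag verifies:", tags_match(msg, tag16 + b"\x00" * 16))
```

The practical lesson for code migrating to OpenSSL 3.4 is the same as what `tags_match` encodes: pick the output length once, carry it alongside the digest wherever it is stored or compared, and treat a missing length as a programming error rather than assuming a default.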

The deprecation train continues, with functions like “SSL_SESSION_get_time(),” “SSL_SESSION_set_time(),” and “SSL_CTX_flush_sessions()” being replaced by their respective “_ex” variants, which are designed to be Y2038-safe for platforms that support Y2038-safe time types.

There is also a change to how renegotiation is handled in TLS client hellos: for connections with minimum TLS versions greater than 1.0, an empty renegotiation extension will be used instead of the empty renegotiation SCSV.

OpenSSL 3.4 also introduces several new features. Notably, it adds support for directly fetched composite signature algorithms, such as RSA-SHA2-256, with corresponding new API functions. This release also expands FIPS indicators in the FIPS provider, preparing for future FIPS 140-3 validation requirements.

RFC 9579 (PBMAC1) support has been added for PKCS#12, and the release includes an optional additional random seed source in the form of RNG JITTER, enabled through a statically linked jitterentropy library. In addition, new options “-not_before” and “-not_after” provide explicit ways to set the start and end dates for certificates created using the req and x509 commands.

Regarding TLS 1.3, OpenSSL now supports integrity-only cipher suites TLS_SHA256_SHA256 and TLS_SHA384_SHA384. There's also support for CRL requests in CMP, additional X.509v3 extensions linked to Attribute Certificates, and initial support for Attribute Certificates per RFC 5755.

Lastly, a noteworthy addition for performance optimization is the ability to customize ECC group initialization using precomputed values, which the P-256 implementation now leverages to reduce CPU usage.

The release’s changelog contains a detailed list of all changes in OpenSSL 3.4.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.