Angus Robertson

New OpenSSL 3.0.0 available


Two new zips for Win32 and Win64 versions of OpenSSL 3.0.0 can now be downloaded from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp .

 

ICS V8.67 from SVN or the overnight zip is required to use 3.0 and later, due for final release in a few days. The ICS distribution will continue to include OpenSSL 1.1.1 for a while until 3.0 becomes better tested. Beware the ICS Jose unit currently gives errors with the Win64 platform (being investigated); the Win32 platform is OK.

 

OpenSSL 3.0 is a major new release, primarily a lot of internal changes to ease long term support. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to standards required for certification. The old engines for special extensions are replaced by new more versatile providers, of which the FIPS module is one. A provider legacy.dll contained in the distribution has obsolete ciphers and hash digests that most applications no longer need, and which needs to be loaded by the application.

 

For details of the changes in 3.0.0, see the release notes at: https://www.openssl.org/news/openssl-3.0-notes.html

 

Highlights are:

 

* Implemented support for fully "pluggable" TLSv1.3 groups
* Added support for Kernel TLS (KTLS), Linux only
* Changed the license to the Apache License v2.0.
* Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider.
* Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy provider.
* Added convenience functions for generating asymmetric key pairs.
* X509 certificates signed using SHA1 are no longer allowed at security level 1 or higher.
* Added a Certificate Management Protocol (CMP, RFC 4210) implementation.
* Added a proper HTTP client.
* Changed our version number scheme, major, minor, patch, so 3.0.0 (no patch letter)
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* TLS 1.3 FFDHE key exchange support added

 

Angus
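
The provider loading mentioned in the post, as an added example that is not part of the original post and not ICS code: a Delphi console program that calls the OpenSSL 3.0 C API directly, checks whether MD4 can be fetched, loads the `default` and `legacy` providers explicitly and checks again. The DLL names, the location of legacy.dll next to the executable and the helper `DigestAvailable` are assumptions made for this example.

```delphi
program LegacyProviderDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils;

const
  // Assumed DLL names: the stock OpenSSL 3.x names for Win32 and Win64.
  {$IFDEF WIN64}
  LibCrypto = 'libcrypto-3-x64.dll';
  {$ELSE}
  LibCrypto = 'libcrypto-3.dll';
  {$ENDIF}

// Direct imports of OpenSSL 3.0 C functions; opaque handles are plain Pointer.
function OSSL_PROVIDER_set_default_search_path(libctx: Pointer; path: PAnsiChar): Integer; cdecl; external LibCrypto;
function OSSL_PROVIDER_load(libctx: Pointer; name: PAnsiChar): Pointer; cdecl; external LibCrypto;
function EVP_MD_fetch(libctx: Pointer; algorithm, properties: PAnsiChar): Pointer; cdecl; external LibCrypto;
procedure EVP_MD_free(md: Pointer); cdecl; external LibCrypto;

// Hypothetical helper: True when a loaded provider implements the named digest.
function DigestAvailable(const Name: AnsiString): Boolean;
var
  Md: Pointer;
begin
  Md := EVP_MD_fetch(nil, PAnsiChar(Name), nil);
  Result := Md <> nil;
  if Result then
    EVP_MD_free(Md);
end;

var
  ModuleDir: AnsiString;
begin
  // Assumption: legacy.dll sits in the same directory as this executable.
  ModuleDir := AnsiString(ExtractFilePath(ParamStr(0)));
  OSSL_PROVIDER_set_default_search_path(nil, PAnsiChar(ModuleDir));
  Writeln('MD4 available before loading legacy: ', DigestAvailable('MD4'));

  // Once any provider is loaded explicitly, OpenSSL no longer loads "default"
  // implicitly, so request both or modern algorithms can stop resolving.
  if OSSL_PROVIDER_load(nil, 'default') = nil then
  begin
    Writeln('default provider failed to load');
    Halt(1);
  end;
  if OSSL_PROVIDER_load(nil, 'legacy') = nil then
  begin
    Writeln('legacy provider failed to load (is legacy.dll in ', string(ModuleDir), '?)');
    Halt(1);
  end;
  Writeln('MD4 available after loading legacy:  ', DigestAvailable('MD4'));
  Writeln('SHA256 still available:              ', DigestAvailable('SHA256'));
end.
```

Leaving the legacy provider unloaded unless an application really needs one of the moved ciphers or digests keeps those obsolete algorithms unreachable by accident.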

 
