OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

This release also adds AES-GCM-SIV support and changes the default SSL/TLS security level to 2 from 1.
OpenSSL 3.2

OpenSSL 3.2 has been released today as a major update to this powerful, open-source, cross-platform, and free software library that provides secure communications over computer networks for applications and websites.

Highlights of OpenSSL 3.2 include TCP Fast Open support on Linux, FreeBSD, and macOS systems, TLS certificate compression, including library support for zlib, Brotli, and Zstandard, SM4-XTS support, as well as Argon2 KDF support, along with supporting thread pool functionality.

It also adds client-side QUIC support and support for multiple streams, support for the Ed25519ctx, Ed25519ph, and Ed448ph digital signature algorithms, support for deterministic ECDSA signatures, AES-GCM-SIV support, Hybrid Public Key Encryption (HPKE) support, and support for TLS Raw Public Keys.

In addition, OpenSSL 3.2 adds support for provider-based pluggable signature algorithms in TLS 1.3 with supporting CMS and X.509 functionality to enable the use of post-quantum/quantum-safe cryptography and changes the default SSL/TLS security level to 2 from 1.

Last but not least, OpenSSL 3.2 adds support for using the IANA standard names in TLS ciphersuite configuration, adds multiple new features and improvements to CMP protocol support, and implements support for using the Windows system certificate store as a source of trusted root certificates.

The devs note the fact that there are some known issues in this OpenSSL release, such as the inability to configure provider-based signature algorithms using the SignatureAlgorithms configuration file parameter. For more details, check out the release notes.

OpenSSL 3.2 is available for download right now from the official website. All users, websites, and operating systems are recommended to upgrade to this release as soon as possible.

Last updated 3 months ago

Buy Me a Coffee at