New OpenSSL 3.0.0 available

FireWind


Two new zips for the Win32 and Win64 versions of OpenSSL 3.0.0 can now be downloaded from the Wiki at: [link hidden: log in or register to view] or [link hidden: log in or register to view].

ICS V8.67 from SVN or the overnight zip is required to use 3.0 and later; it is due for final release in a few days. The ICS distribution will continue to include OpenSSL 1.1.1 for a while until 3.0 becomes better tested. Beware that the ICS Jose unit currently gives errors with the Win64 platform; this is being investigated. The Win32 platform is OK.

OpenSSL 3.0 is a major new release, primarily a lot of internal changes to ease long-term support. There is an optional FIPS module with 3.0, but it is not available here since our DLLs are not built to the standards required for certification. The old engines for special extensions are replaced by new, more versatile providers, of which the FIPS module is one. A provider, legacy.dll, contained in the distribution has obsolete ciphers and hash digests that most applications no longer need, and which needs to be loaded by the application.

For details of the changes in 3.0.0, see the release notes at: [link hidden: log in or register to view]

Highlights are:

* Implemented support for fully "pluggable" TLSv1.3 groups
* Added support for Kernel TLS (KTLS), Linux only
* Changed the license to the Apache License v2.0.
* Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider.
* Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy provider.
* Added convenience functions for generating asymmetric key pairs.
* X509 certificates signed using SHA1 are no longer allowed at security level 1 or higher.
* Added a Certificate Management Protocol (CMP, RFC 4210) implementation.
* Added a proper HTTP client.
* Changed our version number scheme, major, minor, patch, so 3.0.0 (no patch letter)
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* TLS 1.3 FFDHE key exchange support added
 
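A startup check for the legacy-provider change described in the post, as an added example that is not part of the original post or of ICS. It assumes Python's `hashlib` and `ssl` modules are linked against the OpenSSL build under test; the function names and the sample digest list are hypothetical.

```python
import hashlib
import ssl

# Digest names taken from the 3.0.0 highlights: moved to the legacy provider.
LEGACY_DIGESTS = ("md2", "md4", "mdc2", "whirlpool", "ripemd160")


def digest_available(name):
    """True if the OpenSSL build behind hashlib can supply this digest now."""
    try:
        hashlib.new(name, b"probe")
        return True
    except ValueError:  # hashlib raises ValueError for an unsupported digest
        return False


def unavailable_digests(required):
    """Return the digests an application needs that this runtime cannot supply."""
    return sorted(n for n in set(required) if not digest_available(n))


def runtime_report(required=()):
    """Summarise what the loaded OpenSSL offers; 'required' is the app's own list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    missing = unavailable_digests(required)
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "is_3_or_later": ssl.OPENSSL_VERSION_INFO[0] >= 3,
        # security_level exists on Python 3.10+; None on older interpreters
        "security_level": getattr(ctx, "security_level", None),
        "legacy_digests": {n: digest_available(n) for n in LEGACY_DIGESTS},
        "missing": missing,
        # Missing names that are on the legacy list need the legacy provider
        "needs_legacy_provider": [n for n in missing if n in LEGACY_DIGESTS],
    }


if __name__ == "__main__":
    # Constructed sample: an application that still verifies MD4 and SHA-256 data
    for key, value in runtime_report(["md4", "sha256"]).items():
        print(f"{key}: {value}")
```

Any name reported under `needs_legacy_provider` is a digest the application still depends on and that this runtime will only serve once the legacy provider is loaded.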