The first alpha release of OpenSSL 4.0 is now available for testing. With OpenSSL 4.0 they are removing support for SSLv3, which has been deprecated for over a decade, and dropping OpenSSL engines along with other removals, while also adding some new features.
OpenSSL 4.0 does away with a lot of old code for this widely used library. On the new feature side, OpenSSL 4.0 is adding support for TLS Encrypted Client Hello (a.k.a. RFC 9849). Encrypted Client Hello is a security feature for TLS that allows encrypting the initial handshake’s Client Hello message to hide the Server Name Indication so that destination hostnames are not leaked. ECH is a replacement for Encrypted Server Name Indication (ESNI).
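What ECH changes for a passive on-path observer, as an added example that is not from the article or the OpenSSL project: it parses a constructed ClientHello record and reports the plaintext SNI and whether the encrypted_client_hello extension (codepoint 0xfe0d) is present. The hostnames and the opaque ECH payload are constructed placeholders, and the function names are hypothetical; with ECH the outer SNI carries only a public name while the real hostname travels inside the encrypted extension.

```python
import struct

EXT_SERVER_NAME = 0x0000   # server_name (SNI)
EXT_ECH = 0xFE0D           # encrypted_client_hello

def _vec(data, len_bytes):
    """TLS length-prefixed vector."""
    return len(data).to_bytes(len_bytes, "big") + data

def build_client_hello(sni, ech_payload=None):
    """Constructed minimal ClientHello record (sample input, not a capture)."""
    names = _vec(b"\x00" + _vec(sni.encode("ascii"), 2), 2)  # one host_name entry
    exts = struct.pack("!H", EXT_SERVER_NAME) + _vec(names, 2)
    if ech_payload is not None:  # opaque placeholder, not real HPKE output
        exts += struct.pack("!H", EXT_ECH) + _vec(ech_payload, 2)
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random
            + _vec(b"", 1)               # legacy_session_id
            + _vec(b"\x13\x01", 2)       # cipher_suites
            + _vec(b"\x00", 1)           # compression_methods
            + _vec(exts, 2))
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)

def observe(record):
    """Return what a passive on-path observer reads from a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    seen = {"sni": None, "ech": False}
    try:
        pos = 2 + 32                                            # version, random
        pos += 1 + body[pos]                                    # session id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")     # cipher suites
        pos += 1 + body[pos]                                    # compression
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SERVER_NAME and len(data) >= 5 and data[2] == 0:
                nlen = int.from_bytes(data[3:5], "big")
                seen["sni"] = data[5:5 + nlen].decode("ascii", "replace")
            elif etype == EXT_ECH:
                seen["ech"] = True
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    return seen

if __name__ == "__main__":
    print(observe(build_client_hello("private.example.test")))
    print(observe(build_client_hello("public.example.test", bytes(64))))
```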
OpenSSL 4.0 is also adding support for the RFC 8998 signature algorithm, cSHAKE function support, ML-DSA-MU digest algorithm support, and support for SNMP KDF and SRTP KDF.
Downloads and more details on today’s OpenSSL 4.0 Alpha 1 release are available via GitHub.
