OpenSSL 3.0 has been released
Version 3.0 of OpenSSL has been released after three years of development. The development team has made quite a few changes to the popular SSL and TLS toolkit. It is therefore not fully backwards compatible with previous releases.
OpenSSL 3.0.0 was preceded by 17 alpha releases, two beta releases, and more than 7,500 commits and contributions from more than 350 developers, Matt Caswell of the OpenSSL Project reports. Compared to the previous version, OpenSSL 1.1.1, which appeared in 2018, the available documentation has increased by 94 percent and the amount of code by 54 percent, he says.
One of the changes is that OpenSSL is now covered by an Apache License v2 instead of its own OpenSSL or SSLeay license. New is the ‘provider’ concept, where users can specify which provider they want to use for applications and these providers make available algorithm implementations such as cryptographic modules. There are five providers by default and one of them is for the US government standard FIPS, or Federal Information Processing Standards. Third parties can also make providers available that can hook into OpenSSL.
The OpenSSL team reports all changes that have been made in an extensive changelog. Because this is a major release, applications running an older version of OpenSSL must be recompiled. In addition, warnings can be shown about deprecated APIs. The majority of applications that worked with OpenSSL 1.1.1 should function unmodified with version 3.0.0 anyway, although changes may need to be made in some cases, according to the OpenSSL Project.
OpenSSL was initially scheduled to release in 2019, but the release was delayed more than once.