In the fast-paced world of cybersecurity, the ability to secure digital assets is paramount. We’re excited to announce our upcoming webinar, “Getting Started with OpenSSL,” which is designed to provide attendee’s with a solid foundation in using OpenSSL to enhance the security of their applications and systems. Join us for this webinar and learn all about OpenSSL’s purpose, features, and components.

Why Attend? Empower Yourself: Gain practical skills to implement OpenSSL in your projects. Community Engagement: Connect with a community of security-conscious individuals.

Save the Date: 📅 Date: Feb 06, 2024 🕒 Time: 08:00 AM Pacific Time (US and Canada 📍 Location: https://zoom.us/webinar/register/WN_GWqOVe4FRZC-IctgLzmpBQ

Secure your spot now and embark on a journey to unlock the secrets of OpenSSL. Don’t miss this opportunity to enhance your cybersecurity knowledge. Register today and stay one step ahead in safeguarding your digital assets!

The OpenSSL project is pleased to announce an update to its FIPS 140-2 certificate #4282. The certificate now validates the FIPS provider built from the 3.0.8 and 3.0.9 releases.

On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST’s Cryptographic Module Validation Program (CMVP).

This in no way impacts our existing FIPS 140-2 certificate which remains valid and will be maintained until its sunset date in September 2026.

We are thrilled to announce a major leap forward in our efforts to connect with the community and share valuable insights—OpenSSL now has its own YouTube channel! As a significant milestone in our commitment to transparency, education, and open-source collaboration, this channel will serve as a hub for engaging content, tutorials, and updates straight from the heart of OpenSSL.

What to Expect:

Tutorial Series: Get ready for in-depth tutorials covering a wide range of topics, from OpenSSL basics to advanced usage scenarios. Whether you’re a seasoned developer or just starting, our tutorials will cater to all skill levels.

Security Insights: Stay informed about the latest in cybersecurity with our security-focused videos. Explore best practices, industry trends, and the evolving landscape of digital security.

Subscribe Now: Be among the first to experience the excitement by subscribing to our YouTube channel: @OpenSSL_.

Launch Video: To kick things off, we’ve uploaded all the presentations from our most recent Provider Workshops Users and Authors Track. Watch them here and let us know your thoughts in the comments!

Get Involved: We want this channel to be a collaborative space where the community actively participates. Share your thoughts, suggestions, and ideas for future videos in the comments section or reach out to us at feedback@openssl.org.

Stay Connected: Follow us on Twitter and LinkedIn for real-time updates and announcements related to the YouTube channel.

We are incredibly excited about this new venture and can’t wait to embark on this journey of knowledge sharing and community engagement with all of you. Thank you for your continued support!

Happy watching!

We are thrilled to announce a special celebration in honor of OpenSSL’s 25th anniversary! Two and a half decades of commitment to security, reliability, and open-source collaboration have made OpenSSL an indispensable tool in the world of digital communication.

To express our gratitude to the incredible community that has supported us throughout the years, we are hosting an exclusive T-Shirt Giveaway! The first 75 people to participate will receive a limited edition OpenSSL 25th-anniversary T-shirt as a token of our appreciation.

How to Participate:

Fill out the entry form with your full name, phone, email, address, and shirt size so we can verify your participation and send you your t-shirt.

Giveaway Details:

Prize: Limited edition OpenSSL 25th-anniversary T-shirt. Quantity: The first 75 participants who complete all the steps. Deadline: Submissions open December 20, 2023 and close January 30, 2024 or when we hit 75 participants.

Winners Announcement:

We will notify the recipient via email. Make sure to keep an eye on your inbox and follow us for updates!

Thank you for being a vital part of the OpenSSL journey. Your continued support has made OpenSSL what it is today, and we are excited to celebrate this milestone with you.

Here’s to 25 years of open-source excellence and many more to come!

Contact us at feedback@openssl.org if you have any questions or comments

Part two of the OpenSSL Providers Workshop is next week! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part two of the workshop: Live OpenSSL Providers Workshop: Authors Track. As with the Users Track, we will be hosting two sessions of the Authors Track at different times to allow people from different time zones to be able to join our workshops live.

The Authors Track will cover how to write your own OpenSSL provider. This session will assume some basic knowledge about what OpenSSL providers are and how to use them (such as might be obtained from attending the “Users Track” session). It will be split into 4 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.

Learn more and register in advance for the workshop here (please choose the time zone that works best for you):

Session 1: Americas and EMEA Time Zone

When: Dec 11, 2023 04:00 PM Universal Time UTC Register in advance for this webinar: https://zoom.us/webinar/register/WN_2UqTPnrxQjyUJOzUxOj77w

Session 2: APAC Time Zone

When: Dec 12, 2023 07:00 AM Universal Time UTC Register in advance for this webinar: https://zoom.us/webinar/register/WN_LNFArIEmQmqbmiLdSuOdOA

After registering, you will receive a confirmation email containing information about joining the webinar.

Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments

The long anticipated OpenSSL Providers Workshop is finally here! We have divided the workshop into two tracks the Users Track and the Authors Track. Please join us next week for part one of the workshop: Live OpenSSL Providers Workshop: Users Track. Due to world wide interest, we will be hosting two sessions of the Users Track at different times to allow people from different time zones to be able to join our workshops live.

The Users Track will cover how to use OpenSSL providers. It will be split into 3 separate presentations by OpenSSL Engineers. There will be opportunities to ask questions after each talk, as well as at the end where there will be an open forum for any questions or feedback not covered by the individual presentations.

Learn more and register in advance for the workshop here(please choose the time zone that works best for you):

APAC Time Zone:

When: Dec 6, 2023 07:00 AM Universal Time UTC Register in advance: https://zoom.us/webinar/register/WN_8ZPx5nkpTEG1fYLWH-StbQ

Americas and EMEA Time Zone:

When: Dec 7, 2023 04:00 PM Universal Time UTC Register in advance: https://zoom.us/webinar/register/WN_jta40RLSTTei9OF8CINjCA

After registering, you will receive a confirmation email containing information about joining the webinar.

Stay tuned for news about part two of the OpenSSL Providers Workshop: Authors Track.

Contact us at feedback@openssl.org or on GitHub Discussions if you have any questions or comments

We are pleased to announce the immediate availability of OpenSSL 3.2.0. OpenSSL 3.2.0 is the first General Availability release of the OpenSSL 3.2 release line, and incorporates a number of new features, including:

• Client-side QUIC support, including support for multiple streams (RFC 9000)
• Certificate compression in TLS (RFC 8879), including support for zlib, zstd and Brotli
• Deterministic ECDSA (RFC 6979)
• Support for Ed25519ctx, Ed25519ph and Ed448ph (RFC 8032) in addition to existing support for Ed25519 and Ed448
• AES-GCM-SIV (RFC 8452)
• Argon2 (RFC 9106) and supporting thread pool functionality
• HPKE (RFC 9180)
• The ability to use raw public keys in TLS (RFC 7250)
• TCP Fast Open (RFC 7413) support, where supported by the OS
• Support for provider-based pluggable signature schemes in TLS, enabling third-party post-quantum and other algorithm providers to use those algorithms with TLS
• Support for Brainpool curves in TLS 1.3
• SM4-XTS
• Support for using the Windows system certificate store as a source of trusted root certificates. This is not yet enabled by default and must be activated using an environment variable. This is likely to become enabled by default in a future feature release.

As part of the OpenSSL project’s commitment to deliver a secure and high quality cryptography toolkit, we routinely apply fuzzing to the OpenSSL codebase, which searches automatically for potential bugs in upcoming OpenSSL releases. This fuzzing process runs continuously and on an ongoing basis and as such, bugs can be identified by our fuzzing infrastructure at any time.

Due to a small number of bugs which have been identified by the ongoing use of fuzzing, the OpenSSL Project has made the decision to postpone the final release of OpenSSL 3.2 by at least a week. While we have promptly fixed all bugs presently identified by fuzzing, to ensure the quality of OpenSSL 3.2, we do not intend to make the final release until all issues identified by fuzzing have been addressed and no new issues are found for one week. As a result, we have pushed the full release of OpenSSL 3.2 to the 23rd November 2023. Please stay tuned to our blog for more details on the matter.

In the meantime, the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.

OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our GitHub page.

Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please get in touch with us at feedback@openssl.org or on GitHub Discussions

The OpenSSL Project is excited to announce that OpenSSL 3.2 is expected to be fully released on 16th November, 2023.

In the meantime the OpenSSL 3.2 Beta is currently available. We encourage all OpenSSL users to build and test against the beta release and provide feedback.

OpenSSL 3.2 will be our last release before we transition to a time-based release schedule on a 6-month cadence, with regular feature releases in October and April each year.

A complete summary of the major new features and significant changes in OpenSSL 3.2 can be found in the NEWS file; a more detailed list of changes in OpenSSL 3.2 can be found in the CHANGES file on GitHub.

Please download OpenSSL 3.2 beta1 from here and let us know about any problems you encounter by opening an issue at our github page.

Feedback from the community and your involvement in testing external applications against the next version of OpenSSL is crucial to the continued quality of the OpenSSL releases. Please contact us at feedback@openssl.org or on GitHub Discussions