Announcement

Collapse
No announcement yet.

OpenSSL 3.0 Release Candidate Arrives With Big Changes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenSSL 3.0 Release Candidate Arrives With Big Changes

    Phoronix: OpenSSL 3.0 Release Candidate Arrives With Big Changes

    The OpenSSL project today shipped their OpenSSL 3.0 Beta, which is their equivalent to a release candidate ahead of the planned official 3.0.0 release next quarter...

    https://www.phoronix.com/scan.php?pa...ease-Candidate

  • #2
    So what ever happened to 2.0?

    Comment


    • #3
      Originally posted by anarki2 View Post
      So what ever happened to 2.0?
      Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.

      Comment


      • #4
        Originally posted by rmfx View Post

        Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.
        Without knowing the internal discussions of the 1.1.1 >> 3.0 change, my guess is so there's no version confusion with things like OpenSSL's FIPS v 2 and the like since that module got a complete overhaul and integrated into the main trunk.

        Also once one thinks about it, it makes even more sense as the specification is now somewhere in version 3 range as well, I believe.

        Comment


        • #5
          Originally posted by stormcrow View Post

          Without knowing the internal discussions of the 1.1.1 >> 3.0 change, my guess is so there's no version confusion with things like OpenSSL's FIPS v 2 and the like since that module got a complete overhaul and integrated into the main trunk.

          Also once one thinks about it, it makes even more sense as the specification is now somewhere in version 3 range as well, I believe.
          Goddamn good guess.

          The current development version (master branch) will be identified as version 3.0.0. The OpenSSL FIPS module currently under development will also follow this versioning scheme. We are skipping the 2.0.0 major version because the previous OpenSSL FIPS module has already used this number.

          OpenSSL version 3.0.0 will be the first version that we release under the Apache License 2.0. We will not be applying the Apache License to earlier releases of OpenSSL.

          Comment


          • #6
            More like OpenSSL 3.0 Release Candidate Arrives With Big Chungus

            Comment


            • #7
              Meanwhile LibreSSL is 3.3.3 already.
              We should ditch this mess and go for a more secure implementation, or use rustls to enter the heaven.

              Comment


              • #8
                Originally posted by rmfx View Post

                Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.
                You're thinking of OpenVPN probably, not OpenSSL, right?

                Comment


                • #9
                  So... still no QUIC

                  Comment


                  • #10
                    Very nice with the license change!
                    Previously it had some weird own vanity license, and dual-licensed, very confusing. Now it is just the well-known, widely-accepted, well-received, Apache License 2.0.

                    But how can we know that OpenSSL is really safe and secure?
                    I think that for something like this we would need Rust.

                    Comment

                    Working...
                    X