Announcement

**anarki2** · 17 June 2021, 06:55 PM

So what ever happened to 2.0?

**rmfx** · 17 June 2021, 07:17 PM

Originally posted by anarki2 View Post

So what ever happened to 2.0?

Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.

**stormcrow** · 17 June 2021, 07:21 PM

Originally posted by rmfx View Post

Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.

Without knowing the internal discussions of the 1.1.1 >> 3.0 change, my guess is so there's no version confusion with things like OpenSSL's FIPS v 2 and the like since that module got a complete overhaul and integrated into the main trunk.

Also once one thinks about it, it makes even more sense as the specification is now somewhere in version 3 range as well, I believe.

**skeevy420** · 17 June 2021, 07:29 PM

Originally posted by stormcrow View Post

Without knowing the internal discussions of the 1.1.1 >> 3.0 change, my guess is so there's no version confusion with things like OpenSSL's FIPS v 2 and the like since that module got a complete overhaul and integrated into the main trunk.

Also once one thinks about it, it makes even more sense as the specification is now somewhere in version 3 range as well, I believe.

Goddamn good guess.

The current development version (master branch) will be identified as version 3.0.0. The OpenSSL FIPS module currently under development will also follow this versioning scheme. We are skipping the 2.0.0 major version because the previous OpenSSL FIPS module has already used this number.

OpenSSL version 3.0.0 will be the first version that we release under the Apache License 2.0. We will not be applying the Apache License to earlier releases of OpenSSL.

**trucekill** · 17 June 2021, 09:25 PM

More like OpenSSL 3.0 Release Candidate Arrives With Big Chungus

**thegodland** · 18 June 2021, 03:02 AM

Meanwhile LibreSSL is 3.3.3 already

.
We should ditch this mess and go for a more secure implementation, or use rustls to enter the heaven.

**flakmirror** · 18 June 2021, 03:33 AM

Originally posted by rmfx View Post

Probably desperate with the success of wireguard, they try the "super MAJOR version bump" very well known in sinking companies.

You're thinking of OpenVPN probably, not OpenSSL, right?

**PSSGCSim** · 18 June 2021, 04:16 AM

So... still no QUIC

**uid313** · 18 June 2021, 05:11 AM

Very nice with the license change!
Previously it had some weird own vanity license, and dual-licensed, very confusing. Now it is just the well-known, widely-accepted, well-received, Apache License 2.0.

But how can we know that OpenSSL is really safe and secure?
I think that for something like this we would need Rust.

Announcement

OpenSSL 3.0 Release Candidate Arrives With Big Changes

OpenSSL 3.0 Release Candidate Arrives With Big Changes

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment