OpenSSL 3.2 Alpha Released With Client-Side QUIC, Raw Public Key, SM4-XTS

The first alpha release of the OpenSSL 3.2 library is now available for testing. With OpenSSL 3.2 there are a number of new features, most notably the client-side work around QUIC support.

OpenSSL 3.2 is bringing the initial client side work around QUIC, the general purpose transport layer network protocol that was developed by Google and since adopted by the IETF. For OpenSSL 3.3 and then OpenSSL 3.4 over the next year they aim to further complete this implementation.

OpenSSL 3.2 also adds support for Brainpool curves in TLS 1.3, Raw Public Key (RFC7250) support, support for certificate compression with Brotli and Zstd, SM4-XTS support, deterministic ECDSA signatures, AES-GCM-SIV, Hybrid Public Key Encryption (HPKE), and other additions. OpeNSSL 3.2 also changes the default SSL/TLS security level from 1 to 2. More details on the changes coming with OpenSSL 3.2 can be found via the work-in-progress news file.

The OpenSSL 3.2 Alpha 1 release can be downloaded from GitHub. The OpenSSL 3.2 beta release will be here in a matter of weeks that will also serve as the feature freeze for the OpenSSL 3.2 series.