OpenSSL version 3.0 was released after three years of development. The development team made some changes to the popular SSL and TLS toolkit. So it is not fully compatible with previous versions.
OpenSSL 3.0.0 was preceded by seventeen alpha and two beta builds, over 7,500 commitments and contributions from over 350 developers, Mildt Matt Caswell From the OpenSSL project. Compared to the previous version, OpenSSL 1.1.1, which came out in 2018, available documentation increased by 94 percent and the amount of code by 54 percent, he says.
One change is that OpenSSL is now covered by the Apache v2 license instead of its own OpenSSL or SSLeay license. New is the “provider” concept, where users can select which provider they want to use for applications and these providers provide algorithm implementations such as cipher modules. By default, there are five providers, one of which is for the US government’s FIPS standard, or federal information processing standards. Third parties may also make available service providers that can connect to OpenSSL.
OpenSSL team reports in file comprehensive change All changes made. Since this is a major release, applications running an earlier version of OpenSSL must be recompiled. Additionally, warnings about broken APIs can be displayed. The majority of applications that worked with OpenSSL 1.1.1 without modification should work with version 3.0.0 anyway, although changes may be required in some cases, according to the OpenSSL project.
It was initially planned to release OpenSSL in 2019, but the release was postponed more than once.
“Lifelong zombie fanatic. Hardcore web practitioner. Thinker. Music expert. Unapologetic pop culture scholar.”