OpenSSL 4.0 has just been released, a major update to this widely used SSL/TLS and encryption library. OpenSSL 4.0 provides improved privacy with support for Encrypted Client Hello (ECH), which encrypts the initial TLS handshake and hides the Server Name Indication (SNI).
OpenSSL 4.0 also deprecates support for SSLv3 and other legacy protocols/engines, and improves post-quantum cryptography with support for RFC 8998, ML-DSA-MU, and the tls-hybrid-sm2-mlkem post-quantum cryptography group.
The release also takes advantage of the major version bump to introduce other incompatible changes, such as removing support for SSLv2 Client Hello, dropping engine support, and removing the Darwin i386 and PowerPC/PPC64 targets.
More details about the OpenSSL 4.0 release are available on GitHub.
