OpenSSL 4.0.0 has been released as a major feature release with significant breaking changes and new functionality. Key removals include SSLv2 Client Hello, SSLv3 support, the legacy engine subsystem, deprecated EC curves enabled by default, and several deprecated API functions. Breaking API changes include const qualifier additions across X509 functions, ASN1_STRING becoming opaque, and libcrypto no longer cleaning up via atexit(). New features include Encrypted Client Hello (ECH, RFC 9849), post-quantum hybrid key exchange (curveSM2MLKEM768), cSHAKE support per SP 800-185, ML-DSA-MU digest algorithm, SNMP/SRTP KDF support, deferred FIPS self-tests, and negotiated FFDHE key exchange in TLS 1.2.
Sort: