OpenSSL 4.0.0

https://github.com/openssl/openssl/releases/tag/openssl-4.0.0
110•petecooper•2h ago

Comments

capitol_•2h ago
Finally encrypted client hello support \o/
bombcar•1h ago
Is this something that we can enable "today" or is it going to take 12 years for browsers and servers to support?
arcfour•1h ago
CloudFlare has supported it since 2023: https://blog.cloudflare.com/announcing-encrypted-client-hell... Firefox has had it enabled by default since version 119: https://support.mozilla.org/en-US/kb/faq-encrypted-client-he... so you can use it today.
bombcar•1h ago
https://tls-ech.dev indicates that Safari doesn't support it, but Chrome does.
altairprime•44m ago
That’s likely due to iOS/macOS not supporting it in production-default-enabled yet; there’s an experimental opt-in flag at the OS level, but Safari apparently hasn’t (yet) added a dev feature switch for it.

https://developer.apple.com/documentation/security/sec_proto...

Presumably anyone besides Safari can opt-in to that testing today, but I wouldn’t ship it worldwide and expect nice outcomes until (I suspect) after this fall’s 27 releases. Maybe someone could PR the WebKit team to add that feature flag in the meantime?

kro•1h ago
Nginx mainline 1.29.x supports it. So once you get that and also the openssl version on your system, good to go. Likely too late for ubuntu 26.04, maybe in debian 14 next year, or of course rolling release distros / containers.

But, in a personal/single website server, ech does not really add privacy, adversaries can still observe the IP metadata and compare what's hosted there. The real benefits are on huge cloud hosting platforms.

ocdtrekkie•1h ago
Just be aware any reasonable network will block this.
quantummagic•33m ago
Why is it "reasonable" to block it?
vman81•19m ago
Well, I may want to have a say in what websites the employees at work access in their browsers. For example.
kccqzy•7m ago
That’s usually done not on the network side but through the device itself. Think MDM and endpoint management.
ocdtrekkie•2m ago
A good solution is tackling it on both. At work we have network level firewalls with separate policies for internal and guest networks, and our managed PCs sync a filter policy as well (though primarily for when those devices are not on our network). The network level is more efficient, easier to manage and troubleshoot, and works on appliances, rogue hardware, and other things that happen not to have client management.
hypeatei•28m ago
Procrastinators. FTFY.

Eventually these blocks won't be viable when big sites only support ECH. It's a stopgap solution that's delaying the inevitable death of SNI filtering.

yjftsjthsd-h•2h ago
As a complete non-expert:

On the one hand, looks like decent cleanup. (IIRC, engines in particular will not be missed).

On the other hand, breaking compatibility is always a tradeoff, and I still remember 3.x being... not universally loved.

moralestapia•2h ago
That's why it is version 4.
ge96•2h ago
Just in time for the suckerpinch video
jmclnx•1h ago
I wonder how hard it is to move from 3.x to 4.0.0?

From what I remember hearing, the move from 2 to 3 was hard.

georgthegreat•1h ago
That's because there was no version 2...
some_furry•1h ago
Yes there was!

But, thousand yard stare it was the version for the FIPS patches to 1.0.2.

georgthegreat•1h ago
https://www.haproxy.com/blog/state-of-ssl-stacks

According to this one should not be using v3 at all..

danudey•58m ago
Nice that OpenSSL finally relented and provided an API for developers to use to implement QUIC support - last year, apparently.

For those not familiar: until OpenSSL 3.4.1, if you wanted to use OpenSSL and wanted to implement HTTP/3, which uses QUIC as the underlying protocol, you had to use their entire QUIC stack; you couldn't have a QUIC implementation and only use OpenSSL for the encryption parts.

QUIC, for those not familiar, is basically "what if we re-implemented TCP's functionality on top of UDP, but we could throw out all the old legacy crap". Complicated but interesting, except that if OpenSSL's implementation didn't do what you want or didn't do it well, you either had to put up with it or go use some other SSL library somewhere else. That meant that if you were using e.g. curl built against OpenSSL then curl also inherently had to use OpenSSL's QUIC implementation even if there were better ones available.

Daniel Stenberg from Curl wrote a great blog post about how bad and dumb that was if anyone is interested. https://daniel.haxx.se/blog/2026/01/17/more-http-3-focus-one...

rwmj•1h ago
Compared to OpenSSL 3 this transition has been very smooth. Only dropping of "Engines" was a problem at all, and in Fedora most of those dependencies have been changed.
caycep•1h ago
How is OpenSSL these days? I vaguely remember the big ruckus a while back, was it Heartbleed? where everyone to their horror realized it was maybe 1 or 2 people trying to maintain OpenSSL, and the OpenBSD people then throwing manpower at it to clear up a lot of old outstanding bugs. It seems like it is on firmer/more organized footing these days?
kccqzy•1h ago
It’s still terrible. There was a brief period immediately after Heartbleed that it was rapidly improving but the entire OpenSSL 3 was a huge disappointment to anyone who cared about performance and complexity and developer experience (ergonomics). Core operations in OpenSSL 3 are still much much slower than in OpenSSL 1.1.1.

The HAProxy people wrote a very good blog post on the state of SSL stacks: https://www.haproxy.com/blog/state-of-ssl-stacks And the Python cryptography people wrote an even more damning indictment: https://cryptography.io/en/latest/statements/state-of-openss...

Here are some juicy quotes:

> With OpenSSL 3.0, an important goal was apparently to make the library much more dynamic, with a lot of previously constant elements (e.g., algorithm identifiers, etc.) becoming dynamic and having to be looked up in a list instead of being fixed at compile-time. Since the new design allows anyone to update that list at runtime, locks were placed everywhere when accessing the list to ensure consistency.

> After everything imaginable was done, the performance of OpenSSL 3.x remains highly inferior to that of OpenSSL 1.1.1. The ratio is hard to predict, as it depends heavily on the workload, but losses from 10% to 99% were reported.

> OpenSSL 3 started the process of substantially changing its APIs — it introduced OSSL_PARAM and has been using those for all new API surfaces (including those for post-quantum cryptographic algorithms). In short, OSSL_PARAM works by passing arrays of key-value pairs to functions, instead of normal argument passing. This reduces performance, reduces compile-time verification, increases verbosity, and makes code less readable.

gavinray•22m ago
> In short, OSSL_PARAM works by passing arrays of key-value pairs to functions, instead of normal argument passing.

Ah yes, the ole' "fn(args: Map<String, Any>)" approach. Highly auditable, and Very Safe.
tptacek•48m ago
The security side of OpenSSL improved significantly since Heartbleed, which was a galvanizing moment for the maintenance practices of the project. It doesn't hurt that OpenSSL is now one of the most actively researched software security targets on the Internet.

The software quality side of OpenSSL paradoxically probably regressed since Heartbleed: there's a rough consensus that the design of OpenSSL 3.0 was a major step backwards, not least for performance, and more than one large project (but most notably pyca/cryptography) is actively considering moving away from OpenSSL entirely as a result. Again: while security concerns might be an ancillary issue in those potential migrations, the core issue is just that OpenSSL sucks to work with now.

bensyverson•55m ago
I just updated to 3.5x to get pq support. Anything that might tempt me to upgrade to 4.0?
altairprime•51m ago
The top feature, “Support for Encrypted Client Hello (ECH, RFC 9849)”, is of prime importance to those operating Internet-accessible servers, or clients; hopefully your Postgres server is not one such!