The OpenSSL Project has released OpenSSL 1.1.1, the new Long Term Support (LTS) version of the cryptographic software library.
The most important new feature in OpenSSL 1.1.1 is TLS 1.3, which the Internet Engineering Task Force (IETF) published last month as RFC 8446, according to the organization.
Since OpenSSL 1.1.1 is API and ABI compatible with OpenSSL 1.1.0, most applications that work with the older version can take advantage of the benefits provided by TLS 1.3 by updating to the newer version.
TLS 1.3 benefits include improved connection times, the ability of clients to immediately start sending encrypted data to servers, and improved security due to the removal of outdated cryptographic algorithms.
Other changes include a complete rewrite of the random number generator, support for new cryptographic algorithms, security improvements designed to mitigate side-channel attacks, support for the Maximum Fragment Length TLS extension, and a new STORE module that implements a uniform and URI-based reader of stores that contain certificates, keys, CRLs and other objects.
The new crypto algorithms include SHA3, SHA512/224 and SHA512/256, EdDSA, X448, multi-prime RSA, SM2, SM3, SM4, SipHash and ARIA.
“OpenSSL 1.1.1 has been a huge team effort with nearly 5000 commits having been made from over 200 individual contributors since the release of OpenSSL 1.1.0,” OpenSSL developer Matt Caswell said in a post. “These statistics just illustrate the amazing vitality and diversity of the OpenSSL community.”
Since OpenSSL 1.1.1 is the new LTS release, it will receive support for at least five years. The 1.1.0 release will receive support for one year starting now, and the 1.0.2 branch, which until now was the LTS release, will receive full support until the end of 2018 and then only security updates until the end of next year.