All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

OpenSSL 4.0.0 Released with Significant New Features and Compatibility Changes

By

petecooper

1mo ago· 2 min readenCode
Bagel score 65 of 100
65/100
Toasty
Bagelometer

Toasted just enough. A reliable bake, gently seasoned.

Score65TypenewsSentimentneutral

Summary

OpenSSL 4.0.0 is a major feature release that introduces significant new functionality along with potentially incompatible changes. Key updates include removal of extra leading '00:' when printing key data in hexadecimal format where the first byte is >= 0x80, standardization of hexadecimal dump widths to 24 bytes for signatures and 16 bytes for other data, enforcement of lower bounds checks when using PKCS5_PBKDF2_HMAC API with FIPS provider, and addition of AKID verification checks. The release represents a substantial update to the widely-used cryptographic library with important technical changes that developers need to be aware of.

Key quotes

· 5 pulled
OpenSSL 4.0.0 is a feature release adding significant new functionality to OpenSSL.
Removed extra leading '00:' when printing key data such as an RSA modulus in hexadecimal format where the first (most significant) byte is >= 0x80.
Standardized the width of hexadecimal dumps to 24 bytes for signatures (to stay within the 80 characters limit) and 16 bytes for everything else.
Lower bounds checks are now enforced when using PKCS5_PBKDF2_HMAC API with FIPS provider.
Added AKID verification checks when
Snippet from the RSS feed
OpenSSL 4.0.0 is a feature release adding significant new functionality to OpenSSL. This release incorporates the following potentially significant or incompatible changes: Removed extra leading ...

You might also wanna read

Libsodium at 13: Reflecting on the Cryptography Library's Design Philosophy and API Stability

The article discusses libsodium, a 13-year-old cryptography library, focusing on its design philosophy of making cryptography simple and acc

00f.net·5mo ago

2025 Go Cryptography Ecosystem Review: Annual Updates and Developments

The article presents a comprehensive overview of developments at the intersection of Go programming language and cryptography over the past

words.filippo.io·6mo ago

Claude Code Debugs Low-Level Bug in Post-Quantum Cryptography Implementation

The author describes their experience implementing ML-DSA, a post-quantum signature algorithm, in Go over four days. Despite completing the

words.filippo.io·7mo ago

Rust Merkle Tree Library with Configurable Storage and Hash Functions

A Rust implementation of Merkle trees with configurable storage backends and hash functions. The library supports fixed depth and incrementa

github.com·7mo ago

UUIDv47 Library: Combining UUIDv7 Sortable Performance with UUIDv4 Privacy

UUIDv47 is a C library that transforms UUIDv7 (time-sortable UUIDs) into UUIDv4-like identifiers for API boundaries while maintaining the so

github.com·8mo ago

Introducing Mutation Testing for Go Cryptographic Assembly

The article discusses the challenges of testing assembly cores in the Go cryptography standard library due to their constant-time nature. It

words.filippo.io·10mo ago