
OpenSSL 4.0.0 Release Cuts Deprecated Protocols and Gains Post-Quantum Support
Why It Matters
The removal of insecure protocols tightens baseline security for millions of applications, while ECH and post‑quantum support position OpenSSL for emerging privacy and quantum‑resistance demands. Developers must update integrations to avoid compatibility breaks and leverage new features.
Key Takeaways
- OpenSSL 4.0.0 drops SSLv3, SSLv2 client hello, and engine API
- Encrypted Client Hello (ECH) support added for privacy of SNI
- New post‑quantum algorithms include curveSM2MLKEM768 and ML‑DSA‑MU
- ASN1_STRING becomes opaque; X509 functions gain const qualifiers
- Build drops darwin‑i386/ppc targets; c_rehash replaced by openssl rehash
Pulse Analysis
OpenSSL remains the de‑facto cryptographic library for web servers, cloud platforms, and embedded devices, powering TLS for a large share of internet traffic. Version 4.0.0 marks the first major release that fully excises SSLv3 and the SSLv2 client‑hello handshake, protocols that have been deprecated for over a decade and are routinely exploited in downgrade attacks. By stripping these legacy pathways and the long‑standing engine API, the project eliminates attack surface and simplifies maintenance, forcing operators to adopt modern TLS 1.2 or TLS 1.3 configurations that meet current compliance standards.
The most visible feature of the release is support for Encrypted Client Hello (ECH), defined in RFC 9849, which encrypts the Server Name Indication field and thwarts passive eavesdropping on the destination host. ECH is gaining traction among privacy‑focused browsers and CDN providers seeking to hide traffic patterns from network observers. Simultaneously, OpenSSL 4.0.0 introduces a suite of post‑quantum primitives—curveSM2MLKEM768, ML‑DSA‑MU, and cSHAKE—aligning the library with NIST’s ongoing migration roadmap and giving early adopters a path to quantum‑resistant key exchange without abandoning existing infrastructure.
Developers will need to address several breaking API changes: ASN1_STRING is now opaque, X509 time‑comparison functions have been replaced, and global cleanup via atexit() is removed in favor of explicit OPENSSL_cleanup(). Build scripts also drop obsolete darwin‑i386 and darwin‑ppc targets, and the legacy c_rehash utility has been superseded by ‘openssl rehash’. These adjustments require code audits and recompilation, but they also provide an opportunity to modernize cryptographic pipelines and reduce legacy baggage. Organizations that prioritize security and future‑proofing should schedule migration to OpenSSL 4.0.0 ahead of the next compliance cycle.
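The breaking changes listed above can be turned into a first-pass source audit before recompiling. The Python sketch below is an added example, not code from the OpenSSL project or from this article; the rule ids, the `audit` function and the sample input are constructed, and treating the existing `X509_cmp_time`/`X509_cmp_current_time` functions as the replaced time-comparison calls is an assumption.

```python
import re

# Rules follow the removals the article lists. ENGINE_*, SSLv3_*_method and
# X509_cmp_* are existing OpenSSL names; treating X509_cmp_* as the "replaced"
# time-comparison functions is an assumption, not something the article states.
RULES = [
    ("engine-api", re.compile(r"\bENGINE_\w+\s*\(|openssl/engine\.h")),
    ("sslv3", re.compile(r"\bSSLv3_(?:client_|server_)?method\b")),
    ("x509-time", re.compile(r"\bX509_cmp_(?:current_)?time\b")),
    ("c_rehash", re.compile(r"\bc_rehash\b")),
]
ASN1_DECL = re.compile(r"\bASN1_STRING\s*\*\s*(\w+)")

def audit(source):
    """Return sorted (line_no, rule_id) findings for one file's text."""
    findings = set()
    # Names declared as ASN1_STRING *: '->' on them reaches into the opaque struct.
    names = sorted(set(ASN1_DECL.findall(source)))
    deref = re.compile(r"\b(?:%s)\s*->" % "|".join(map(re.escape, names))) if names else None
    for no, line in enumerate(source.splitlines(), 1):
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.add((no, rule_id))
        if deref and deref.search(line):
            findings.add((no, "asn1-opaque"))
    # File-level heuristic: a program using OpenSSL that never calls
    # OPENSSL_cleanup() relied on the atexit() handler the article says is gone.
    if "openssl/" in source and re.search(r"\bmain\s*\(", source) \
            and "OPENSSL_cleanup" not in source:
        findings.add((0, "explicit-cleanup"))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = """\
#include <openssl/ssl.h>
#include <openssl/engine.h>
int main(void) {
    ASN1_STRING *s = X509_NAME_ENTRY_get_data(e);
    const unsigned char *p = s->data;
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_method());
    ENGINE_load_builtin_engines();
    if (X509_cmp_current_time(nb) > 0) return 1;
    return 0;
}
"""

if __name__ == "__main__":
    for line_no, rule in audit(SAMPLE):
        print(f"{line_no or 'file'}: {rule}")
```

Line number 0 marks a file-level finding. The regexes are heuristics for triage: they will flag matches in comments and miss ASN1_STRING access through typedef'd aliases, so a compile against the new headers remains the authoritative check.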