OpenSSL 4.0.0 lands with big removals, new crypto, and a clear message: upgrade or adapt

What changed — short version
OpenSSL 4.0.0 is a feature release that reshuffles a lot of deck chairs. Expect API tweaks, tightened sanity checks, and several removals that will break older integrations. Among the headline moves: SSLv2 Client Hello is gone, SSLv3 has been removed entirely (it’s been deprecated since 2015), and the long‑standing “engines” facility is gone — the no-engine build option and OPENSSL_NO_ENGINE macro are now always present. It has been reported that some applications and third‑party modules that relied on engines will need code changes or replacement libraries.
Breaking changes and compatibility headaches
This release changes many API signatures to add const qualifiers, deprecates a trio of X509 time comparison helpers in favor of X509_check_certificate_times(), and removes deprecated custom EVP_CIPHER/EVP_MD/EVP_PKEY/EVP_PKEY_ASN1 hooks. Cleanup behavior is different: libcrypto no longer uses atexit() for global cleanup, and by default OPENSSL_cleanup() may or may not run in a global destructor. That is the decision point for ops teams: welcome the cleaner internals, or worry about subtle memory and cleanup differences after the upgrade. Either way, plan to test; there’s no magic here.
Security and parsing tightening
OpenSSL 4.0.0 hardens several validation paths — PKCS5_PBKDF2_HMAC now enforces lower bounds checks with the FIPS provider, AKID verification is performed when X509_V_FLAG_X509_STRICT is set, and CRL verification got extra checks. Hex dumps and signature formatting were standardized (24 bytes for signatures, 16 bytes for other dumps), and some legacy, broken, or unused pieces (like BIO_f_reliable()) were removed. These are the kind of under‑the‑hood moves that reduce attack surface but can be thorny in compatibility terms.
New features — ECH, SM2, and post‑quantum nods
On the feature side, OpenSSL adds support for Encrypted Client Hello (ECH, RFC 9849) and cryptographic primitives from RFC 8998 (sm2sig_sm3) plus related groups (curveSM2 and curveSM2MLKEM768 for a hybrid post‑quantum option). Deprecated EC behaviors and explicit curve support are disabled at compile time by default but can be reenabled with configure flags if you really need them. In short: modern privacy features and more crypto variety, but with a clear nudge toward retiring old baggage.
If you run services that depend on OpenSSL, don’t treat this as a drop‑in update. Test your stack, read the release notes, and inventory any use of deprecated hooks — especially engines and custom EVP methods. The upgrade gives new toys and tighter security, but also a short checklist of migrations.
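One way to start that inventory, as an added example that is not from the OpenSSL project or the release notes: a small scanner that flags C source lines touching the removed or deprecated areas listed above, ignoring commented-out code. The symbol patterns are existing OpenSSL identifiers chosen for this sketch; in particular, the three X509_cmp_* names and the *_meth_new constructors are assumptions about which helpers and hooks the release means, and the sample source is constructed.

```python
import re

# Categories come from the article; the concrete symbol names are assumptions
# (existing OpenSSL identifiers picked for this example, not an official list).
PATTERNS = {
    "engine API (removed)": r"\bENGINE_\w+\s*\(|#\s*include\s*<openssl/engine\.h>",
    "SSLv3 (removed)": r"\bSSLv3_(?:client_|server_)?method\s*\(",
    "custom EVP method hooks (removed)":
        r"\bEVP_(?:CIPHER|MD|PKEY)_meth_new\s*\(|\bEVP_PKEY_asn1_new\s*\(",
    "X509 time comparison (deprecated)": r"\bX509_cmp_(?:time|current_time|timeframe)\s*\(",
    "BIO_f_reliable (removed)": r"\bBIO_f_reliable\s*\(",
}
COMPILED = {label: re.compile(rx) for label, rx in PATTERNS.items()}

# Matches string literals first so that "//" inside a string is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay correct."""
    def blank(m):
        text = m.group(0)
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, src)

def scan(src):
    """Return sorted (line_number, category, matched_text) findings for one source text."""
    clean = strip_comments(src)
    findings = []
    for label, rx in COMPILED.items():
        for m in rx.finditer(clean):
            line = clean.count("\n", 0, m.start()) + 1
            findings.append((line, label, m.group(0).rstrip("( \t")))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
#include <openssl/engine.h>
#include <openssl/x509.h>

/* ENGINE_load_builtin_engines(); old init, already commented out */
static int setup(SSL_CTX **ctx, const char *id) {
    ENGINE *e = ENGINE_by_id(id);        // hardware key store
    *ctx = SSL_CTX_new(SSLv3_method());
    log_msg("see https://example.invalid/doc");  MY_ENGINE_init(e);
    return X509_cmp_current_time(not_after) > 0;
}
'''

if __name__ == "__main__":
    for line, label, text in scan(SAMPLE):
        print(f"line {line}: {label}: {text}")
```

To cover a real tree, call scan() on the contents of each .c and .h file; a hit means the line needs review against the release notes, not that the build will necessarily fail.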
Sources: github.com/openssl, Hacker News