OpenSSL 4.0.0 - Deprecated Protocols Removed, Gains Support

OpenSSL 4.0.0 has been released, cutting deprecated protocols and enhancing security with post-quantum features. Applications must update to remain functional and secure.


Original Reporting

Help Net Security · Anamarija Pogorelec

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯Basically, OpenSSL 4.0.0 cuts old features and adds new security measures.

What Happened

OpenSSL has released version 4.0.0, marking a significant update that removes several long-deprecated features. This version eliminates support for SSLv3, SSLv2 client hello, and the engine API, which were previously phased out due to security concerns. The removal of these protocols is a crucial step in enhancing security standards in cryptographic communications.

What's at Risk

Applications built against older versions of OpenSSL may break at build or run time because these deprecated features are gone. Developers will need to update their code to keep applications working and secure; left unaddressed, the changes could lead to vulnerabilities.

New Features

The update introduces support for Encrypted Client Hello (ECH), which encrypts the client hello message, preventing passive observers from reading sensitive information like server names. Additionally, OpenSSL 4.0.0 includes post-quantum cryptography features, such as the hybrid key exchange group curveSM2MLKEM768 and the ML-DSA-MU digest algorithm, enhancing security against future quantum threats.
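The two protocol points above, the removal of SSLv3 and SSLv2-format client hellos and the addition of ECH, can both be observed on the wire. The following is an added example, not code from the OpenSSL project or from the article: a small classifier that looks at the first bytes a client sends on a TLS port and reports whether it is an SSLv2-style hello, an SSLv3 hello, or a TLS ClientHello, and, for the latter, whether it carries a plaintext server_name extension or the encrypted_client_hello extension (code point 0xfe0d, taken from the IETF ECH draft). A defender can run captured hello bytes through it to find clients that will stop working once a server moves to OpenSSL 4.0.0, and to confirm that ECH-capable clients are actually hiding the real server name. All sample hellos are constructed inline; the hostnames, random bytes and ECH payload are placeholders.

```python
"""Classify a client hello: legacy SSLv2 format, SSLv3, or TLS, and report
whether a TLS hello exposes plaintext SNI or carries an ECH extension."""
import struct

SSLV2_CLIENT_HELLO = 0x01   # SSLv2 message type CLIENT-HELLO
TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
HS_CLIENT_HELLO = 0x01      # TLS handshake message type: client_hello
EXT_SERVER_NAME = 0x0000    # RFC 6066 server_name (plaintext SNI)
EXT_ECH = 0xFE0D            # encrypted_client_hello (draft-ietf-tls-esni)


def classify_hello(data: bytes) -> dict:
    """Describe the hello in `data`; raise ValueError if it is not a client hello."""
    if len(data) < 11:
        raise ValueError("too short to be a client hello")
    # SSLv2 record: 2-byte header with the high bit set, then the message type.
    if data[0] & 0x80 and data[2] == SSLV2_CLIENT_HELLO:
        (version,) = struct.unpack("!H", data[3:5])
        return {"format": "SSLv2 client hello", "version": version,
                "legacy": True, "sni": None, "ech": False}
    if data[0] != TLS_HANDSHAKE or data[5] != HS_CLIENT_HELLO:
        raise ValueError("not an SSL/TLS client hello")
    (client_version,) = struct.unpack("!H", data[9:11])
    pos = 11 + 32                                   # skip the 32-byte random
    pos += 1 + data[pos]                            # session_id
    (cs_len,) = struct.unpack("!H", data[pos:pos + 2])
    pos += 2 + cs_len                               # cipher_suites
    pos += 1 + data[pos]                            # compression_methods
    sni, ech = None, False
    if pos + 2 <= len(data):                        # extensions block is optional
        (ext_len,) = struct.unpack("!H", data[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, length = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            body = data[pos:pos + length]
            pos += length
            if ext_type == EXT_SERVER_NAME:
                # ServerNameList: 2-byte list length, 1-byte name type, 2-byte name length, name
                (name_len,) = struct.unpack("!H", body[3:5])
                sni = body[5:5 + name_len].decode("ascii")
            elif ext_type == EXT_ECH:
                ech = True                          # real name is inside the encrypted inner hello
    return {"format": "TLS client hello", "version": client_version,
            "legacy": client_version <= 0x0300, "sni": sni, "ech": ech}


# --- constructed sample hellos (test vectors, not real captures) ---------------
def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def sni_ext(hostname: str) -> bytes:
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
    return _ext(EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)


def tls_client_hello(client_version: int, extensions: bytes = b"") -> bytes:
    body = struct.pack("!H", client_version) + b"\x11" * 32  # placeholder random
    body += b"\x00"                                          # empty session_id
    body += struct.pack("!H", 2) + b"\x13\x01"               # one cipher suite
    body += b"\x01\x00"                                      # null compression only
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    record_version = 0x0300 if client_version == 0x0300 else 0x0301
    return bytes([TLS_HANDSHAKE]) + struct.pack("!HH", record_version, len(hs)) + hs


def sslv2_client_hello() -> bytes:
    # CLIENT-HELLO: version, cipher-specs length, session-id length, challenge length
    msg = bytes([SSLV2_CLIENT_HELLO]) + struct.pack("!HHHH", 0x0002, 3, 0, 16)
    msg += b"\x01\x00\x80" + b"\x22" * 16   # one 3-byte cipher spec, 16-byte challenge
    return struct.pack("!H", 0x8000 | len(msg)) + msg


SAMPLES = {
    "sslv2": sslv2_client_hello(),
    "sslv3": tls_client_hello(0x0300),
    "tls12_sni": tls_client_hello(0x0303, sni_ext("example.com")),
    "tls13_ech": tls_client_hello(0x0303, sni_ext("public.example") + _ext(EXT_ECH, b"\x00" * 8)),
}


def audit(samples=SAMPLES) -> dict:
    """Map sample name -> classification; feed captured hello bytes here in practice."""
    return {name: classify_hello(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, info in audit().items():
        print(f"{name:10} {info}")
```

Anything reported with `legacy: True` is a client that OpenSSL 4.0.0 servers will refuse; a TLS hello with `ech: True` shows only the outer public name in its server_name extension, which is exactly what a passive observer gets to see.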

API Changes

Significant API-level changes have been made that will require integrators to revise their applications. Functions related to X.509 processing have been updated, and some deprecated functions have been removed entirely. For instance, the libcrypto library no longer cleans up globally allocated data, which could affect how applications manage memory.

Build and Tooling Adjustments

The release also includes changes in build and tooling, such as the removal of support for deprecated elliptic curves in TLS and dropping certain build targets. These adjustments aim to streamline the development process and improve security practices.

What You Should Do

Developers using OpenSSL should:

1. Review the changes in version 4.0.0 and update their applications accordingly.
2. Test applications to ensure compatibility with the new version.

By taking these steps, developers can maintain robust security practices and adapt to the evolving landscape of cybersecurity.

🔒 Pro Insight

The removal of SSLv3 and SSLv2 client hello is pivotal for modernizing cryptographic standards, but developers must act quickly to mitigate compatibility risks.
