Dark Reading -
The OpenSSL Software Foundation today released a completely refreshed version of the software, OpenSSL, that handles much of the encrypted communications for the Internet.
The latest version, OpenSSL 3.0, adds compliance with the Federal Information Processing Standards (FIPS), deprecates — with a plan to remove — a slew of low-level API functions that could cases security issues, and has added much more testing to the development processes. Reducing the number of low-level API functions means reducing the number of ways that developers could misuse or mistakenly use those functions, says Chris Eng, chief research officer at application security firm Veracode.
The major version upgrade “includes a number of architectural changes that will help developers reduce attack surface while still retaining the functionality they may have come to rely on,” he says, adding that deprecating the low-level API functions will “discourage developers from tweaking the internals of individual cryptographic algorithms and steering
The post Major New OpenSSL Released first appeared on Dark Reading.