The most popular SSL/TLS and crypto library just released their new version, 4.0 and its pretty cool so far:
- Encrypted Client Hello (ECH) support (RFC 9849) – Protects handshake metadata from eavesdroppers.
- Post-quantum cryptography – Adds hybrid key exchange curveSM2MLKEM768.
- Negotiated FFDHE in TLS 1.2 – Follows RFC 7919 for stronger key exchange.
- AKID verification – Enabled when X509_V_FLAG_X509_STRICT is set.
- Enhanced CRL checks – More robust certificate revocation verification.
- PKCS5_PBKDF2_HMAC lower bounds enforced – In FIPS provider for stronger password-based key derivation.
and more! Check their github.
.
