OpenSSL Communities

Priorities for 3.6

Jon Ericson

We are fast approaching the release of OpenSSL 3.5. As the features for that release get locked in, we’re looking ahead to what might go into the October release (3.6). The Foundation would like your help, as representatives of your various communities, in prioritizing that work.

It’s important to understand that OpenSSL has time-based releases so there’s no guarantee that any particular feature will be ready for 3.6. Some features will be difficult to complete in the timeframe and others could be done well before the feature branch merge date. We are asking that the Foundation BAC focus on desirability for non-commercial purposes when prioritizing. Please do not factor the degree of difficulty at this stage.

Below is a list of features we are considering. Feel free to use this as a starting point but we very much welcome adding any other potential features for consideration.

  • Encrypted Client Hello
  • DTLS-1.3
  • BIGNUM refactoring for constant-time
  • Simplified CLI
    • New command to meet modern standards
  • Command-line UI for attribute certificates
  • Advanced QUIC features - 0-RTT, path migration
  • QUIC stack performance improvements
  • Providers/fetching/decoders performance improvements
  • Finalizing replacements of legacy constructs / functionality
    • Example: GOST support in CMS would be lost in 4.0 when ENGINE support is dropped
  • Backlog of GitHub issues and PRs
  • Documenting (or removing) undocumented API functions
  • More guide-style documentation
    • When to use what and not just how to use
    • Flag the difference between functionality that you can use without knowing everything and low-level features that the average user should avoid
  • Increasing test coverage
  • Additional PQC
    • LMS
    • X509 integration

Please check in with the community you represent and meet together as a committee. Jon Ericson can help set up a call, if that would be helpful. We are looking forward to your input!

Dmitry Belyavsky Wed 19 Feb 2025 7:49PM

May I extend this list?

E.g. there is a lot to do related to the support of opaque symmetric key objects.

Jon Ericson Wed 19 Feb 2025 8:09PM

@beldmit Yes please! The list is intended to give the BAC a place to start. We hope there will be more suggestions and that the list will evolve over time.

Paul Dale Wed 19 Feb 2025 11:10PM

What kind of deadline is there to provide input here?

The reason I ask is that gaining some practical experience with the upcoming 3.5 release might prompt some additional PQC changes. Do we have that long to finalise the 3.6 desirables?

Jon Ericson Thu 20 Feb 2025 1:29AM

@ppzgs1 Since work on 3.5 is wrapping up, it would be helpful to have some data from the BAC fairly soon. But we'd rather get careful consideration than rush to get a list out to meet a fairly arbitrary deadline. The Foundation has some very informed guesses about what the various communities would find desirable, so it's not as if we will be working blind.

I think it's also reasonable to change the order based on new information. If experience with 3.5 features suggests they need more work, I would expect priorities could change.