OpenSSL 4.0.0

Finally encrypted client hello support \o/

How is OpenSSl these days? I vaguely remember the big ruckus a while back, was it Heartbleed? where everyone to their horror realized it was maybe 1 or 2 people trying to maintain OpenSSL, and the OpenBSD people then throwing manpower at it to clear up a lot of old outstanding bugs. It seems like it is on firmer/more organized footing these days?

https://www.haproxy.com/blog/state-of-ssl-stacks

According to this one should not be using v3 at all..

Compared to OpenSSL 3 this transition has been very smooth. Only dropping of "Engines" was a problem at all, and in Fedora most of those dependencies have been changed.

As a complete non-expert:

On the one hand, looks like decent cleanup. (IIRC, engines in particular will not be missed).

On the other hand, breaking compatibility is always a tradeoff, and I still remember 3.x being... not universally loved.

Mythos is coming for yaaaaa (just kidding).

I just updated to 3.5x to get pq support. Anything that might tempt me to upgrade to 4.0?

I wonder how hard it is to move from 3.x to 4.0.0 ?

From what I remember hearing, the move from 2 to 3 was hard.

Just in time for the suckerpinch video