OpenSSL 3.0 - What are the important changes?
Vložit
- čas přidán 26. 07. 2024
- OpenSSL 3.0 has just been released. In this video Graham explains what you need to know about the new version of this highly popular cryptographic library, what makes OpenSSL 3.0 different, and what changes you need to make to be compliant.
He explains how the default cipher has changed from the old version of the PKCS#12 standard to the new PBKDF 2 version of the standard, as well as some interesting changes to the providers that can be called by the API.
FIPS coverage of OpenSSL has also changed for OpenSSL 3.0 which is a big deal if you are using OpenSSL inside a product that is supplied to the US Government, or even if you're just using FIPS 140 as a benchmark security standard.
References:
OpenSSL - www.openssl.org/blog/blog/202...
Understanding PKCS#12 Keystores - • Explaining Keystores |...
FIPS 140 compliance for applications - • How to Ensure FIPS Com...
Analyze your OpenSSL cryptography usage - cryptosense.com/analyzer/demo - Věda a technologie
deprication of p, q, g in dsa_st ... is causing code porting problem. This is majorly done as part of streamlining EVP layer.
Thanks for this summary - I was waiting for this one :) ... On something separate, would you ever consider doing a video review of some of the lower-cost HSMs that are available e.g. YubiHSM 2, NitrokeyHSM 2, Smartcard-HSM or others that you would recommend / stay clear of ?
Glad you enjoyed it. Thanks for the suggestion about an HSM review, we'll consider it for a future video.
How to get certificate information? I can't find the way.
Like
I liked your like