Version 4.0.0 — 2026-05-12
Changes
- MIGRATION TO OpenSSL 4.0.0 (2026-05-12):
- Build configuration (webserver-optimised):
- Used in the NGINX/ANGIE stack on https://deb.myguard.nl
– Upgraded from OpenSSL 3.5.6 to OpenSSL 4.0.0
– Session lookup callback (OpenResty cb_yield_patch) rebased and integrated
– Configuration optimized for webserver-only deployment (nginx/angie)
– Enabled: TLS 1.2/1.3, QUIC, KTLS, TCP Fast Open, hardware RNG (rdrand)
– Enabled: X25519/X448, P-256 (ec_nistp_64_gcc_128), ChaCha20-Poly1305
– Enabled: RFC3779 (RPKI), CMS (certificate ops), zlib
– Disabled: SSLv2/3, RC2/RC4/RC5, DES, MD2/MD4, IDEA, MDC2, Seed
– Disabled: Blowfish, CAST, Camellia, SRP, DSA, Whirlpool
– Disabled: FIPS provider, legacy provider, test harness, CLI tools
– IMPACT: -500KB from standard Debian build, zero overhead from disabled features
– No system OpenSSL conflict — pure add-on for webserver builds
– All hardening flags enabled (PIE, RELRO, stack protection, bind-now)
Distributions
- bookworm
- jammy
- noble
- resolute
- trixie