What Is New in OpenSSL 0.9.8
| Category | Highlights |
|---|---|
| New Features | Support for elliptic curve cryptography (ECDH/ECDSA); addition of SHA-256/384 in TLS handshakes; new cipher suites such as Camellia and SEED. |
| Improvements | Engine API refined for hardware accelerators; TLS extensions handling (SNI groundwork); improved random number generator seeding. |
| Bug Fixes | Fixed memory leaks in X509 verification; corrected ASN.1 parsing edge cases; patched several CVEs related to padding oracle and renegotiation. |
| Breaking Changes | SSLv2 disabled by default; MD2 algorithm removed from default builds; default certificate verification now requires explicit trust store. |
| Deprecations | Deprecated the old "ssl" command in favor of "s_client"/"s_server"; legacy PEM encryption algorithms (DES-CBC) marked obsolete. |
What new cryptographic algorithms does OpenSSL 0.9.8 provide?
OpenSSL 0.9.8 adds native support for elliptic curve cryptography and several modern symmetric ciphers.
- ECDH and ECDSA key exchange and signing using the prime256v1 curve and others.
- SHA-256 and SHA-384 are now usable in TLS handshakes, enabling stronger hash algorithms.
- New block ciphers Camellia (128/192/256) and SEED are available for both TLS and EVP interfaces.

```
openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem
```

In practice this means you can replace RSA-based key exchange with ECDH without code changes, provided the peer also supports the curve.
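
To go with the `ecparam` command above, the following is an added example (not code from the OpenSSL project or from this page) that generates a prime256v1 key, signs a file with ECDSA, and confirms that a modified copy fails verification. The function names and file names are constructed for the demo, and it assumes an `openssl` binary on the PATH whose `dgst -sha256` accepts EC keys.

```shell
#!/bin/sh
# Added example: ECDSA sign/verify on prime256v1 with the openssl CLI.
# Function names and file names are constructed for this demo.

# Create an EC private key (owner-only permissions) and export its public key.
make_ec_keypair() {   # $1=curve  $2=private key out  $3=public key out
    ( umask 077
      openssl ecparam -name "$1" -genkey -noout -out "$2" ) 2>/dev/null &&
    openssl ec -in "$2" -pubout -out "$3" 2>/dev/null
}

# ECDSA signature over the SHA-256 digest of a file (DER-encoded output).
sign_file() {         # $1=private key  $2=file  $3=signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Succeeds only on "Verified OK"; the printed result is checked rather than
# relying on the exit status alone.
verify_file() {       # $1=public key  $2=file  $3=signature
    [ "$(openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null)" = "Verified OK" ]
}

# Round trip: the original must verify, a modified copy must not.
ecdsa_roundtrip() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample manifest\n' > "$dir/manifest.txt"
    rc=1
    if make_ec_keypair prime256v1 "$dir/ecc_key.pem" "$dir/ecc_pub.pem" &&
       sign_file "$dir/ecc_key.pem" "$dir/manifest.txt" "$dir/manifest.sig" &&
       verify_file "$dir/ecc_pub.pem" "$dir/manifest.txt" "$dir/manifest.sig"
    then
        # Change the signed file; the existing signature must now be rejected.
        printf 'extra line\n' >> "$dir/manifest.txt"
        if verify_file "$dir/ecc_pub.pem" "$dir/manifest.txt" "$dir/manifest.sig"
        then rc=1; else rc=0; fi
    fi
    rm -rf "$dir"
    return "$rc"
}

ecdsa_roundtrip && echo "original verified, modified copy rejected"
```
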
How does OpenSSL 0.9.8 enhance TLS protocol support?
OpenSSL 0.9.8 introduces TLS extensions handling and improves default security posture.
- Server Name Indication (SNI) parsing is now part of the library, allowing virtual hosting over TLS.
- SSLv2 is disabled by default, reducing exposure to obsolete protocol attacks.
- Renegotiation handling has been hardened to mitigate CVE-2009-3555 style attacks.

```
openssl s_client -connect example.com:443 -servername example.com
```

This matters if you run multi-tenant services; you must enable SNI on the client side to reach the correct certificate.
What changes were made to the command-line tools and API in OpenSSL 0.9.8?
The command-line utilities receive new options and the API gains better engine integration.
- The old "ssl" command is removed; use "s_client" and "s_server" for testing TLS connections.
- Engine API now supports dynamic loading of hardware modules via ENGINE_by_id and ENGINE_ctrl_cmd_string.
- EVP interface adds EVP_PKEY_new_mac_key for HMAC key generation, simplifying code.

```
openssl s_server -accept 8443 -cert server.pem -key server.key -engine dynamic
```

Watch out for scripts that still call the deprecated "ssl" binary; they will fail unless updated.
Which bugs and security issues were fixed in OpenSSL 0.9.8?
OpenSSL 0.9.8 addresses several memory-leak and parsing bugs that could lead to crashes or information disclosure.
- Memory leaks in X509_STORE_CTX verification loops are eliminated.
- ASN.1 length parsing edge cases are corrected, preventing malformed certificate crashes.
- Padding-oracle vulnerabilities in CBC mode are patched, and renegotiation attacks are mitigated.
Most teams will see a modest reduction in CPU usage during certificate validation after applying this release.
FAQ
Does OpenSSL 0.9.8 support elliptic curve keys out of the box?
Yes, it includes built-in ECDH and ECDSA support for common curves such as prime256v1.
How can I enable SHA-256 for TLS handshakes in 0.9.8?
Specify a cipher suite that uses SHA-256, for example run openssl s_client -cipher ECDHE-RSA-AES256-SHA256.
What command replaces the deprecated "ssl" utility in 0.9.8?
The "s_client" and "s_server" commands provide the same testing functionality.
Is SSLv2 still enabled by default in OpenSSL 0.9.8?
No, SSLv2 is disabled by default to improve security.
Which cipher suites were added in this release?
Camellia-128-CBC, Camellia-192-CBC, Camellia-256-CBC, and SEED-CBC were introduced.
How do I generate an ECC private key with the new tools?
Run openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem.