What Is New in OpenSSL 1.1.0
| Category | Highlights |
|---|---|
| New Features | Opaque libcrypto structures (RSA, DSA, DH, EC_KEY, EVP_PKEY, EVP_MD_CTX and most others), ChaCha20-Poly1305 AEAD cipher and TLS suites, X25519 key exchange, extended master secret extension (RFC 7627), TLS security levels, TLS_method()/TLS_client_method()/TLS_server_method(), automatic library initialisation and cleanup (OPENSSL_init_crypto()/OPENSSL_init_ssl(), atexit handlers). |
| Improvements | Built-in thread safety with no application-supplied locking callbacks (new CRYPTO_THREAD_* API), rewritten Configure-based build system, stricter parsing of TLS extensions, SSL_CTX_set_min_proto_version()/SSL_CTX_set_max_proto_version() instead of SSL_OP_NO_* juggling. |
| Bug Fixes | Numerous fixes in ASN.1 parsing, EVP_PKEY handling and X509 verification; consult the CHANGES file shipped with the release for the itemised list. |
| Breaking Changes | Low-level RSA/DSA/DH/EC structures are opaque; many legacy functions removed or renamed; new sonames (libcrypto.so.1.1, libssl.so.1.1), so every dependent binary must be rebuilt; SSLv2 removed entirely; engines are loaded through OPENSSL_init_crypto() flags; no FIPS module (the FIPS Object Module 2.0 works only with 1.0.2). |
| Deprecations | SSL_library_init(), OpenSSL_add_all_algorithms() and ERR_load_crypto_strings()/SSL_load_error_strings() (no longer needed), SSLv23_method() (use TLS_method()), CRYPTO_set_locking_callback() (now a no-op), EVP_MD_CTX_create()/EVP_MD_CTX_destroy() renamed to EVP_MD_CTX_new()/EVP_MD_CTX_free() and EVP_MD_CTX_init()/EVP_MD_CTX_cleanup() replaced by EVP_MD_CTX_reset(); SSLv3 disabled at build time by default. |
Why does OpenSSL 1.1.0 use opaque structures for keys and contexts?
OpenSSL 1.1.0 makes the RSA, DSA, DH, EC_KEY and EVP_PKEY structures (and most other libcrypto types, including EVP_MD_CTX and EVP_CIPHER_CTX) opaque: their fields are defined only inside the library, so applications can neither rely on nor corrupt their layout.
- Applications can no longer dereference struct fields; use the accessor functions added for the purpose, for example RSA_get0_key()/RSA_set0_key() and EVP_PKEY_get0_RSA()/EVP_PKEY_get1_RSA(). There are no generic EVP_PKEY_get_*/EVP_PKEY_set_* field helpers in 1.1.0.
- The benefit is ABI stability: the project can change a structure's layout in a later release without breaking applications, and an application cannot corrupt library-internal state by writing fields directly.
- In practice, migration means replacing every direct field access with the matching get0/set0 (borrowed pointer, owned by the object) or get1 (reference-counted copy you must free) accessor, and checking ownership at each call site.
```c
#include <openssl/evp.h>
#include <openssl/rsa.h>
EVP_PKEY *pkey = EVP_PKEY_new();
RSA *rsa = RSA_new();   /* opaque: read fields with RSA_get0_key(), never rsa->n */
if (pkey == NULL || rsa == NULL || EVP_PKEY_assign_RSA(pkey, rsa) != 1)  /* on success pkey owns rsa; do not RSA_free() it */
    goto err;
```
How has thread safety been improved in OpenSSL 1.1.0?
OpenSSL 1.1.0 manages its own locking: the library creates the mutexes it needs internally (through the new CRYPTO_THREAD_* API) and performs one-time initialisation with CRYPTO_THREAD_run_once(), so applications no longer supply locking or thread-ID callbacks. This is built-in locking, not lock-free operation.
- Building with thread support (the default) is enough; CRYPTO_set_locking_callback() and CRYPTO_THREADID_set_callback() are no longer required.
- This matters for multi-threaded services such as web servers or message brokers: an SSL_CTX may be shared across threads, but a single SSL object must still not be used by two threads at the same time.
- Legacy code that still registers the old callbacks compiles against 1.1.0 (the calls are no-op compatibility macros) but has no effect; remove it, and use CRYPTO_THREAD_lock_new()/CRYPTO_THREAD_write_lock() for your own shared state if you want OpenSSL's portable primitives.
```c
#include <openssl/ssl.h>
/* SSL_library_init() and OpenSSL_add_all_algorithms() are no longer needed: the library initialises itself on first use. */
/* Call OPENSSL_init_ssl() explicitly only when you need options such as OPENSSL_INIT_LOAD_CONFIG. */
SSL_CTX *ctx = SSL_CTX_new(TLS_method());  /* TLS_method() replaces SSLv23_method(); one SSL_CTX can be shared by many threads */
if (ctx == NULL)
    goto err;
```
What new cipher suites and TLS extensions are available in OpenSSL 1.1.0?
OpenSSL 1.1.0 adds the ChaCha20-Poly1305 AEAD cipher and its TLS suites, X25519 key exchange and the extended master secret extension (RFC 7627); ALPN and SNI were already present in 1.0.2 and are carried over with stricter parsing.
- ChaCha20-Poly1305 is exposed in libcrypto as EVP_chacha20_poly1305() and in TLS as the ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-CHACHA20-POLY1305 and DHE-RSA-CHACHA20-POLY1305 suites (the name TLS_CHACHA20_POLY1305_SHA256 is the TLS 1.3 suite, which only arrives in 1.1.1). It is fast in software on CPUs without AES hardware acceleration, such as many ARM devices.
- ALPN (Application-Layer Protocol Negotiation), introduced in 1.0.2, is set with SSL_CTX_set_alpn_protos() or SSL_set_alpn_protos() and is what HTTP/2 requires.
- The ClientHello extension parser was rewritten on the internal PACKET API, so malformed SNI and other extension bodies are rejected during the handshake rather than tolerated.
```c
if (SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3) != 0)  /* returns 0 on success, non-zero on failure (inverted!) */
    goto err;
```
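The ALPN list above is a length-prefixed vector, and getting that encoding wrong (or trusting a peer's copy of it) is a classic source of bugs. The following is an added example, not code from the original page or from the OpenSSL project: a strict encoder and parser for exactly the byte format that SSL_CTX_set_alpn_protos() consumes, written in Python so it runs without OpenSSL headers. The helper names (encode_alpn, decode_alpn, is_wellformed) are this example's own, the malformed inputs are constructed, and the optional call into the standard ssl module assumes the interpreter is linked against an OpenSSL with ALPN support.

```python
"""Build and check the ALPN protocol list that SSL_CTX_set_alpn_protos() consumes.

Wire format (RFC 7301 ProtocolNameList): for each name, one length byte (1..255)
followed by the name bytes; entries are concatenated with no separator.
Helper names below (encode_alpn, decode_alpn, is_wellformed) are this example's own.
"""
import ssl

MAX_NAME_LEN = 255      # a single length byte precedes each name
MAX_LIST_LEN = 0xFFFF   # ProtocolNameList carries a 16-bit length on the wire


def encode_alpn(names):
    """Serialise a list of names, e.g. ["h2", "http/1.1"] -> b"\\x02h2\\x08http/1.1".

    Rejects what libssl would reject or mis-handle: an empty list, empty names,
    names longer than 255 bytes, and a list that cannot fit the 16-bit length field.
    """
    if not names:
        raise ValueError("ALPN list must contain at least one protocol")
    out = bytearray()
    for name in names:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= MAX_NAME_LEN:
            raise ValueError(f"bad ALPN name length {len(raw)} for {name!r}")
        out.append(len(raw))
        out += raw
    if len(out) > MAX_LIST_LEN:
        raise ValueError("ALPN list exceeds 65535 bytes")
    return bytes(out)


def decode_alpn(blob):
    """Strict parser for the same format: refuses zero-length and truncated entries."""
    names, pos = [], 0
    while pos < len(blob):
        length = blob[pos]
        pos += 1
        if length == 0 or pos + length > len(blob):
            raise ValueError(f"malformed ALPN list at offset {pos - 1}")
        names.append(blob[pos:pos + length].decode("ascii"))
        pos += length
    if not names:
        raise ValueError("empty ALPN list")
    return names


def is_wellformed(blob):
    """True if decode_alpn() accepts blob; useful for checking a list received from a peer."""
    try:
        decode_alpn(blob)
    except (ValueError, UnicodeDecodeError):
        return False
    return True


if __name__ == "__main__":
    wanted = ["h2", "http/1.1"]
    wire = encode_alpn(wanted)
    print(wire, decode_alpn(wire))
    # Constructed malformed inputs: a length byte that overruns the buffer, and a zero-length name.
    for bad in (b"\x05h2", b"\x00"):
        print(bad, "well-formed" if is_wellformed(bad) else "rejected")
    # Hand the same list to the OpenSSL this interpreter is linked against; ssl.py performs
    # the identical length-prefix encoding before calling SSL_CTX_set_alpn_protos().
    if ssl.HAS_ALPN:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.set_alpn_protocols(wanted)
        print("linked", ssl.OPENSSL_VERSION, "accepted the ALPN list")
```

On the server side the peer's list arrives in exactly this format as the in/inlen arguments of the SSL_CTX_set_alpn_select_cb() callback, which is where a parser as strict as decode_alpn() earns its keep: a length byte that runs past inlen must be rejected, not read.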
Which legacy APIs were removed or deprecated in OpenSSL 1.1.0?
OpenSSL 1.1.0 removes direct access to the RSA, DH and EC structures, drops SSLv2, and changes the EVP_MD_CTX lifecycle functions.
- Functions like RSA_new() still exist, but fields must be read with RSA_get0_key() and similar helpers and written with RSA_set0_key().
- SSLv2 is gone entirely. SSLv3 is disabled by default and can be re-enabled only by configuring the build with enable-ssl3 enable-ssl3-method.
- EVP_MD_CTX_create()/EVP_MD_CTX_destroy() are renamed to EVP_MD_CTX_new()/EVP_MD_CTX_free(), and EVP_MD_CTX_init()/EVP_MD_CTX_cleanup() are replaced by EVP_MD_CTX_reset(); the old names survive only as compatibility macros. Because EVP_MD_CTX is now opaque it can no longer be declared on the stack: allocate it with EVP_MD_CTX_new().
- SSL_library_init(), OpenSSL_add_all_algorithms() and SSL_load_error_strings() are deprecated in favour of automatic initialisation (or OPENSSL_init_ssl()/OPENSSL_init_crypto() when options are needed). The PEM password callback type pem_password_cb, int (*)(char *buf, int size, int rwflag, void *userdata), is unchanged.
FAQ
Can I compile OpenSSL 1.1.0 with the same Makefile as 1.0.2?
No. The build system was rewritten for 1.1.0: the Makefile is generated by running Configure (or the config wrapper) against the new build templates, and several options were renamed, so rerun Configure for 1.1.0 rather than reusing a 1.0.2 Makefile.
Do existing applications need to be recompiled after upgrading to 1.1.0?
Yes. The library sonames changed (libcrypto.so.1.1 and libssl.so.1.1) and the ABI changed with opaque structures and removed symbols, so a binary built against 1.0.2 will not load the 1.1.0 libraries; in most code bases source changes are needed as well before it will compile.
Is the ChaCha20-Poly1305 cipher enabled by default?
Yes, when OpenSSL is built with ChaCha20 and Poly1305 support (the default): the ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-CHACHA20-POLY1305 and DHE-RSA-CHACHA20-POLY1305 suites are part of the DEFAULT cipher list. They are ordered after the AES-GCM suites, so a server using the default list prefers AES-GCM when a client offers both. Check a build with openssl ciphers -v 'DEFAULT' and look for CHACHA20 in the output.
How do I migrate code that accesses RSA->e directly?
Replace the field access with the accessor: declare const BIGNUM *e and call RSA_get0_key(rsa, NULL, &e, NULL), passing NULL for the n and d outputs you do not need. The returned pointer is owned by the RSA object, so do not free or modify it; to change the values use RSA_set0_key(), which takes ownership of the BIGNUMs you pass in.
What command shows the new security level defaults?
No single command prints it. The default security level in 1.1.0 is 1 (an 80-bit minimum); openssl ciphers -v only lists cipher suites. To see which suites survive at a given level, ask the ciphers tool to apply it: openssl ciphers -s -v 'DEFAULT:@SECLEVEL=2'. In code, query SSL_CTX_get_security_level(ctx) and raise it with SSL_CTX_set_security_level() or a @SECLEVEL=n annotation in the cipher string.
Does disabling SSLv3 require a code change?
No. SSLv3 is disabled at build time by default, so an application that never asks for it needs no change, and setting SSL_OP_NO_SSLv3 remains harmless. Code that calls SSLv3_method() or SSLv3_client_method() will fail to link against a default build unless OpenSSL was configured with enable-ssl3 enable-ssl3-method; replace it with TLS_method() plus SSL_CTX_set_min_proto_version().