Last checked and updated on 15 May 2026
What Is New in OpenSSL 1.1.1
| Category | Highlights |
|---|---|
| Security Fixes |
|
| Performance Improvements |
|
| Platform Compatibility Fixes |
|
| Certificate & Policy Hardening |
|
How does OpenSSL 1.1.1 address recent security vulnerabilities?
OpenSSL 1.1.1 incorporates a series of security patches that fix critical CVEs across cryptographic primitives and protocol handling.
- POLY1305 MAC implementation now preserves XMM registers on Windows (CVE-2023-4807).
- DH parameter checks no longer consume excessive CPU time for large moduli (CVE-2023-3817, CVE-2023-3446).
- RSA decryption timing side-channel has been mitigated (CVE-2022-4304).
- Use-after-free bugs in BIO_new_NDEF and double-free in PEM_read_bio_ex have been eliminated (CVE-2023-0215, CVE-2022-4450).
- Multiple ASN.1 string buffer overruns were patched (CVE-2021-3712).
What performance improvements are included in the latest OpenSSL 1.1.1 releases?
Recent OpenSSL 1.1.1 updates trim down costly operations that could stall high-throughput services.
- DH q-parameter validation now exits early, preventing minutes-long hangs on malformed keys.
- OBJ_obj2txt() has a guard against gigantic OID components, restoring linear performance (CVE-2023-2650).
- The X.509 policy tree construction caps node creation, avoiding exponential blow-up (CVE-2023-0464).
Which platform-specific bugs were fixed in OpenSSL 1.1.1?
OpenSSL 1.1.1 now runs reliably on a broader set of operating systems and architectures.
- Windows builds no longer corrupt XMM registers during POLY1305 operations.
- AES-OCB encryption on 32-bit x86 platforms correctly processes all bytes (CVE-2022-2097).
- The c_rehash utility sanitises shell metacharacters, preventing command-injection attacks (CVE-2022-1292, CVE-2022-2068).
- A missing
memcmpheader was added to avoid compilation failures on niche platforms.
How have certificate and policy handling been hardened in OpenSSL 1.1.1?
Certificate processing now follows stricter validation rules to reduce the attack surface.
- X.400 address type confusion in GeneralName has been fixed (CVE-2023-0286).
- Invalid certificate policies in leaf certificates are now rejected (CVE-2023-0465).
- Documentation and runtime behavior of
X509_VERIFY_PARAM_add0_policywere aligned (CVE-2023-0466). - A regression that skipped refreshing certificate data before signing was corrected.
openssl version -aFAQ
Do I need to rebuild my applications after upgrading to OpenSSL 1.1.1?
Most binaries will continue to work unchanged unless they depend on symbols that were removed or altered in the security patches.
Which command shows the OpenSSL version and build options?
Run openssl version -a to display the full version string and compile-time configuration.
Will the DH parameter performance fix affect existing key files?
The fix only changes the validation path; existing DH keys remain compatible.
Is the POLY1305 Windows fix relevant for Linux deployments?
No, the register corruption issue was specific to the Windows assembler implementation.
Can the c_rehash sanitisation change affect my existing shell scripts?
Scripts that relied on unsanitised output may need to quote the filenames returned by c_rehash.
Are there any new runtime configuration options introduced in these releases?
No new configuration directives were added; the changes are all internal patches and bug fixes.