What Is New in OpenSSL 4.0
| Category | Highlights |
|---|---|
| New Features | Encrypted Client Hello (ECH), SM2/SM3 signatures, curveSM2MLKEM768, cSHAKE, ML-DSA-MU, SNMP KDF, SRTP KDF, deferred FIPS self-tests, dynamic VC runtime on Windows, negotiated FFDHE in TLS 1.2 |
| Improvements | Standardized hex dump widths, lower-bound checks for PKCS5_PBKDF2_HMAC with FIPS, AKID verification under X509_V_FLAG_X509_STRICT, augmented CRL checks, BIO_snprintf now uses libc snprintf, OPENSSL_cleanup in destructor, const-correct API signatures |
| Breaking Changes | Removed SSLv2 Client Hello, SSLv3 support, engine support, deprecated EC curves disabled by default, removed c_rehash, removed BIO_f_reliable, removed custom EVP method hooks, opaque ASN1_STRING, global atexit cleanup eliminated |
| Deprecations | Deprecated X509_cmp_* functions replaced by X509_check_certificate_times, removed msie-hack option, removed fixed SSL/TLS version methods, removed ERR_* state functions |
What legacy protocols and engine support were removed in OpenSSL 4.0?
OpenSSL 4.0 drops support for SSLv2, SSLv3, and the engine framework.
- SSLv2 Client Hello is no longer recognized.
- SSLv3 has been removed entirely; it had been disabled by default since 1.1.0.
- The `no-engine` build option and `OPENSSL_NO_ENGINE` macro are now always present; all engine APIs are gone.
- Deprecated EC curves required by RFC 8422 are disabled at compile time unless explicitly enabled.
How does OpenSSL 4.0 improve security and compliance features?
The release adds Encrypted Client Hello, stricter X509 verification, and new post-quantum and Chinese cryptographic algorithms.
- ECH (RFC 9849) is now a first-class feature; see `SSL_CTX_set_hello_cb()` for integration.
- When `X509_V_FLAG_X509_STRICT` is set, AKID verification is performed automatically.
- CRL verification now includes additional checks for revoked certificates and distribution points.
- New algorithms: SM2/SM3 signatures, curveSM2, curveSM2MLKEM768, cSHAKE (SP 800-185), ML-DSA-MU, SNMP KDF, SRTP KDF.
- FIPS self-tests can be deferred with `-defer_tests` during `openssl fipsinstall`.
```bash
# Enable ECH on a server
openssl s_server -tls1_3 -ech -cert server.pem -key server.key -port 4433
```
What API changes should developers be aware of when migrating to OpenSSL 4.0?
Several APIs have been hardened with const qualifiers, opaque types, and removal of global cleanup via atexit.
- `ASN1_STRING` is now opaque; use accessor functions like `ASN1_STRING_get0_data()`.
- Many X509-related functions now accept `const` pointers, reducing accidental mutation.
- `OPENSSL_cleanup()` is invoked automatically by a global destructor; manual calls are optional.
- Lower-bound checks for `PKCS5_PBKDF2_HMAC` are enforced when using the FIPS provider.
- Hex dump functions now produce fixed widths (24 bytes for signatures, 16 bytes otherwise).
```c
/* Optional explicit cleanup (usually unnecessary) */
OPENSSL_cleanup();
```
Which tools and scripts were removed or replaced in OpenSSL 4.0?
The legacy c_rehash script is gone and the unreliable BIO_f_reliable implementation has been removed.
- `c_rehash` has been removed; use the new `openssl rehash` command instead.
- The broken `BIO_f_reliable()` implementation was dropped without replacement.
- The `msie-hack` option in `openssl ca` is no longer available.
- Engine loading code has been stripped, simplifying the build system.
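A small pre-migration audit for the removals and deprecations listed above, added here as an example (it is not part of the original page or of OpenSSL): it scans source and script text for identifiers this page says are gone. The rule table, function names and sample input are constructed; the `ENGINE_*` and `TLSv1_2_method`-style spellings are assumed to be what the page means by "engine APIs" and "fixed SSL/TLS version methods". Direct `ASN1_STRING` field access is not matched, since the compiler reports that once the type is opaque.

```python
import re
from pathlib import Path

# (regex, note) pairs; every note paraphrases a removal listed on this page.
RULES = [
    (r"\bENGINE_\w+\s*\(|openssl/engine\.h", "engine API removed: delete the engine calls"),
    (r"\b(?:SSLv3|TLSv1(?:_[12])?|DTLSv1(?:_2)?)_(?:client_|server_)?method\s*\(",
     "fixed SSL/TLS version methods removed"),
    (r"\bBIO_f_reliable\s*\(", "BIO_f_reliable() dropped without replacement"),
    (r"\bX509_cmp_\w+\s*\(", "X509_cmp_* deprecated: use X509_check_certificate_times"),
    (r"\bc_rehash\b", "c_rehash removed: use 'openssl rehash'"),
    (r"msie[-_]hack", "msie-hack option of 'openssl ca' removed"),
]
RULES = [(re.compile(p), note) for p, note in RULES]
C_SUFFIXES = {".c", ".h", ".cc", ".cpp", ".hpp"}

def strip_c_comments(text):
    """Blank out /* */ and // comments, keeping newlines so line numbers hold."""
    return re.sub(r"/\*.*?\*/|//[^\n]*",
                  lambda m: "\n" * m.group().count("\n"), text, flags=re.S)

def scan_text(name, text):
    """Return [(name, line_no, note)] for each flagged identifier in text."""
    if Path(name).suffix in C_SUFFIXES:
        text = strip_c_comments(text)  # naive: a "//" inside a string literal is cut too
    return [(name, no, note)
            for no, line in enumerate(text.splitlines(), 1)
            for rx, note in RULES if rx.search(line)]

def scan_tree(root):
    """Scan every regular file under root; undecodable bytes are replaced."""
    files = sorted(p for p in Path(root).rglob("*") if p.is_file())
    return [hit for p in files for hit in scan_text(str(p), p.read_text(errors="replace"))]

# Constructed sample input, not taken from any real project.
SAMPLE_C = """\
#include <openssl/engine.h>
/* ENGINE_load_builtin_engines(); was here
   until the cleanup */
SSL_CTX *ctx = SSL_CTX_new(TLSv1_2_method());
if (X509_cmp_current_time(X509_get0_notAfter(crt)) < 0) fail();
"""
SAMPLE_SH = "c_rehash /etc/ssl/certs\n"

if __name__ == "__main__":
    for hit in scan_text("tls.c", SAMPLE_C) + scan_text("deploy.sh", SAMPLE_SH):
        print("%s:%d: %s" % hit)
```

Run `scan_tree()` over a checkout before switching headers; a clean result only means none of these names appear, not that the code builds against 4.0.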
FAQ
Does OpenSSL 4.0 require rebuilding applications that use the engine API?
Yes, any code that links against the engine API must be recompiled and the engine calls removed because the API no longer exists.
How can I enable Encrypted Client Hello in a TLS server configuration?
Use the -ech flag with openssl s_server or set SSL_CTX_set_hello_cb in your application to process ECH.
What is the replacement for the removed c_rehash command?
The new openssl rehash command provides the same functionality for generating hash symlinks.
Which function should I use instead of X509_cmp_time for certificate time checks?
Use X509_check_certificate_times which returns detailed status codes for notBefore and notAfter.
Is OPENSSL_cleanup still needed after upgrading to OpenSSL 4.0?
It is optional because a global destructor now runs the cleanup automatically.
How do I compile OpenSSL 4.0 with deprecated EC curves support?
Configure with enable-tls-deprecated-ec to re-enable the curves that were disabled by default.