OpenSSL Migration Guide Overview
The OpenSSL migration guide provides details on the changes required to migrate to new versions of OpenSSL, specifically covering OpenSSL 3.0 & 3.1. Some of the main changes include:
- For OpenSSL 3.1, the FIPS provider now includes some non-FIPS-validated algorithms. The property query
fips=yesis mandatory for applications wanting to operate in a FIPS-approved manner. - OpenSSL 3.0 is a major release, requiring applications using older versions to at least be recompiled to work with the new version.
- A significant change in OpenSSL 3.0 is the introducing of the Provider concept, which groups algorithm implementations.
- OpenSSL 3.0 has deprecated the use of low-level APIs in favor of high-level APIs.
- The licensing for OpenSSL has changed from the dual OpenSSL and SSLeay licenses to the Apache License v2.
- There are also updates related to algorithms, key validation, error codes, and more.
Further details can be found in the original documentation.