The developers of the OpenBSD project have released LibreSSL 3.6.0 portable edition, which develops a fork of OpenSSL aimed at providing a higher level of security. The LibreSSL project is focused on high-quality support for SSL / TLS protocols with the removal of unnecessary functionality, the addition of additional security features and a significant cleaning and reworking of the code base. The LibreSSL 3.6.0 release is seen as an experimental release that develops features that will be included with OpenBSD 7.2.
Features of LibreSSL 3.6.0:
- The EVP API for the HKDF (HMAC Key Derivation Function) has been ported from OpenSSL.
- Added API for setting and getting security levels β SSL_{,CTX}_{get,set}_security_level().
- Added experimental API support for the QUIC protocol, originally implemented in BoringSSL.
- Added initial support for TS ESSCertIDv2 verification.
- The Bailey-Pomeranz-Selfridge-Wagstaff (Baillie-PSW) primality test is used instead of the Miller-Rabin test.
- Significant internal revision has been carried out. Removed resource-intensive RFC 3779 checks when verifying certificates. Redesigned decoder and time parser for ASN.1. Rewritten implementation of ASN1_STRING_to_UTF8().
- Added -"s" option to openssl utility to show only ciphers supported by the specified protocol.
Source: opennet.ru