OpenSSL 4.0 Alpha Arrives with Encrypted Client Hello and Post-Quantum Cryptography
The OpenSSL project has released version 4.0.0-alpha1, introducing Encrypted Client Hello (ECH) per RFC 9849 to hide TLS SNI from network observers, alongside new post-quantum cryptographic algorithms. The release also removes the deprecated ENGINE interface and drops SSLv3 support entirely.
The OpenSSL project has released version 4.0.0-alpha1, the first preview of a major new version that introduces Encrypted Client Hello (ECH), removes the legacy ENGINE interface, and drops SSLv3 support entirely. The release marks the biggest architectural change to OpenSSL since the 3.0 provider model was introduced in 2021.
Encrypted Client Hello
ECH, defined in RFC 9849, is a TLS extension that encrypts the ClientHello message — specifically the Server Name Indication (SNI) field that reveals which website a user is connecting to. Without ECH, network observers (ISPs, firewalls, government surveillance systems) can see the hostname in every TLS connection, even though the subsequent data is encrypted. ECH closes this metadata leak by encrypting the entire ClientHello using a public key published in DNS.
OpenSSL 4.0 implements ECH for both clients and servers. Client applications can retrieve ECH configuration from DNS HTTPS records automatically, while servers can publish and rotate their ECH keys through the standard OpenSSL configuration mechanism. The implementation follows the split-mode architecture defined in the RFC, where an outer ClientHello carries encrypted inner contents that only the intended server can decrypt.
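To make the DNS-published configuration concrete, the following added example (not OpenSSL code and not from the release notes) decodes an ECHConfigList, the binary value carried in the ech parameter of a DNS HTTPS record. It reports each config's public_name, which is the hostname that still appears in the outer ClientHello and therefore in network logs. The function names and the sample record are constructed for illustration, and the key bytes are a placeholder.

```python
import struct
ECH_VERSION = 0xFE0D  # ECHConfig.version value for the published ECH format

def _take(buf, off, n):  # bounds-checked read of n bytes at off
    if off + n > len(buf):
        raise ValueError("truncated ECHConfigList")
    return buf[off:off + n], off + n

def _vec(buf, off, len_bytes):  # TLS vector: big-endian length prefix, then body
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))

def parse_ech_config_list(data):
    """Decode an ECHConfigList (the 'ech' value of a DNS HTTPS record)."""
    body, end = _vec(data, 0, 2)
    if end != len(data):
        raise ValueError("trailing bytes after ECHConfigList")
    configs, off = [], 0
    while off < len(body):
        ver, off = _take(body, off, 2)
        contents, off = _vec(body, off, 2)
        if int.from_bytes(ver, "big") != ECH_VERSION:
            continue  # unknown version: skip it using its own length field
        head, p = _take(contents, 0, 3)          # config_id, kem_id
        public_key, p = _vec(contents, p, 2)
        suites, p = _vec(contents, p, 2)         # (kdf_id, aead_id) pairs
        _max_len, p = _take(contents, p, 1)      # maximum_name_length
        public_name, p = _vec(contents, p, 1)
        _exts, p = _vec(contents, p, 2)
        if p != len(contents) or len(suites) % 4:
            raise ValueError("malformed ECHConfigContents")
        configs.append({
            "config_id": head[0],
            "kem_id": int.from_bytes(head[1:], "big"),
            "public_key": public_key,
            "cipher_suites": [struct.unpack_from(">HH", suites, i)
                              for i in range(0, len(suites), 4)],
            "public_name": public_name.decode("ascii"),
        })
    return configs

def build_sample(public_name=b"public.example", version=ECH_VERSION):
    """Constructed ECHConfigList: X25519 KEM (0x0020), HKDF-SHA256/AES-128-GCM."""
    contents = (bytes([7]) + struct.pack(">H", 0x0020)
                + struct.pack(">H", 32) + b"\x11" * 32      # placeholder key bytes
                + struct.pack(">HHH", 4, 0x0001, 0x0001)
                + bytes([0, len(public_name)]) + public_name + b"\x00\x00")
    cfg = struct.pack(">HH", version, len(contents)) + contents
    return struct.pack(">H", len(cfg)) + cfg
```

Calling parse_ech_config_list(build_sample()) returns one config whose public_name is "public.example". Monitoring that keys on SNI will record that name, not the inner hostname, for ECH connections.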
ENGINE Removal and SSLv3 Deprecation
The ENGINE interface, which allowed custom cryptographic implementations to be loaded at runtime, has been removed entirely. ENGINE was deprecated in OpenSSL 3.0 in favor of the provider model, which offers better isolation and a cleaner API. Applications still using ENGINE will need to migrate to providers before upgrading to 4.0.
SSLv3, deprecated since the POODLE attack in 2014, is no longer available even as a compile-time option. The c_rehash script, a long-standing source of security concerns due to shell injection risks, has been replaced with the built-in openssl rehash command.
New Cryptographic Algorithms
OpenSSL 4.0 adds ML-DSA-MU (multi-user variant of the post-quantum signature scheme), cSHAKE (customizable SHAKE hash function), and key derivation functions for SNMP and SRTP protocols. The negotiated FFDHE key exchange specified in RFC 7919 is also now supported, providing standardized finite-field Diffie-Hellman parameters that eliminate the risks of weak custom groups.
The beta release is scheduled for March 24, with the final 4.0.0 release targeted for April 7, 2026.