We have released LibreSSL 3.2.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.
This is the first development release from the 3.2.x series, which will eventually be part of OpenBSD 6.8. It includes the following changes: * Enable TLS 1.3 server side in addition to client by default. With this change TLS 1.3 is handled entirely on the new stack and state machine, with fallback to the legacy stack and state machine for older versions. Note that the OpenSSL TLS 1.3 API is not yet visible/available. * Improve length checks in the TLS 1.3 record layer and provide appropriate alerts for violations of record layer limits. * Enforce that SNI hostnames received by the TLS server are correctly formed as per RFC 5890 and RFC 6066, responding with illegal parameter for a nonconformant host name. * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic retry of handshake messages. * Modify I/O behavior so that SSL_MODE_AUTO_RETRY is the default similar to new OpenSSL releases. * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in various commands. * Add tlsfuzzer based regression tests. * Support sending certificate status requests from the TLS 1.3 client to request OCSP staples for leaf certificates. * Support sending certificate status replies from the TLS 1.3 server in order to send OCSP staples for leaf certificates. * Send correct alerts when handling failed key share extensions on the TLS 1.3 server. * Various compatibility fixes for TLS 1.3 to 1.2 fallback for switching from the new to legacy stacks. * Support TLS 1.3 options in the openssl(1) command. * Many alert cleanups in TLS 1.3 to provide expected alerts in failure conditions. * Modify "openssl x509" to display invalid certificate times as invalid, and correctly deal with the failing return case from X509_cmp_time so that a certificate with an invalid NotAfter does not appear valid. * Support sending dummy change_cipher_spec records for TLS 1.3 middlebox compatibility. * Ensure only PSS signatures are used with RSA in TLS 1.3. * Ensure that TLS 1.3 clients advertise exactly the "null" compression method in its legacy_compression_methods. * Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode. * Use non-expired certificates first when building a certificate chain. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.