Cryptography & Security Newsletter

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

A lot changed when OpenSSL 3 was first released. This version was supposed to bring significant improvements and modernize the project after nearly thirty years of development. Instead, it introduced significant performance regressions, essentially breaking the project for any high-volume deployment. It didn’t help that the previous stable version, the 1.1.1 branch, had been promptly deprecated.

For a very long time, this was not something that was talked about. There were issues on the OpenSSL tracker, but only those who experienced these performance issues would find them. Eventually, the HAProxy developers wrote an extensive article on the state of SSL libraries in general and OpenSSL in particular. The message was clear: Stay away from OpenSSL 3.x if you care about performance.

This year, at the inaugural OpenSSL Conference, several talks provided more background information about the performance regressions and other changes in the 3.x branch:

• William Bellingrath, from Juniper Networks, shared the company’s performance data from testing OpenSSL 1.1.1 through 3.4—and provided some hints about 3.5.
• Tomáš Mráz, an OpenSSL developer, offered some tips about how to make OpenSSL 3.x perform better.
• Alex Gaynor and Paul Kehrer, maintainers of Python’s cryptography library (Python’ Cryptographic Authority), shared their experience porting their code from 1.1.1 to the 3.x branch.
• Martin Schmatz, from IBM Research, shared the results of IBM’s extensive testing of OpenSSL 3.5.3, with a focus on understanding the performance impacts of post-quantum cryptography.

If you have an interest in OpenSSL, these three presentations will be well worth your time. Overall, it seems that, after four years of improvements, OpenSSL 3.5.x is in relatively reasonable shape and (finally) comparable to the performance of the now-ancient 1.1.1 branch. Many opportunities for performance improvements still exist, however.

It’s good to know that OpenSSL 3.5.x has gotten better—because there is currently a major shift to post-quantum cryptography, and the popular Linux distributions have chosen 3.5.x as the version to use for that. Examples include Debian 13 Trixie (released in August 2025), Red Hat Enterprise Linux 10.1 (released in November 2025), and Ubuntu 26.04 LTS (to be released in April 2026). Post-quantum cryptography is already going to perform worse; we don’t need to make it slower than it needs to be.

Short News

• Videos from the OpenSSL Conference 2025 are now available. This is probably the only conference in the world to have two talks with the word “bollocks” in the title.
• Also available are videos from PKI Consortium’s latest PQC Conference in Kuala Lumpur.
• Ryan Hurst writes about attestation, which is increasing in popularity.
• Jan Schaumann investigates browser support for the new HTTPS record.
• NIST has released the final version of Considerations for Achieving Crypto Agility.
• Filippo Valsorda walks through building a key server from scratch and with embedded transparency.
• Marin’s CRQC Quantum Capability Framework is from 2018, but it looks good.
• Trail of Bits has developed constant-time coding support for LLVM, which moves the problem into the compiler.
• Soatok has announced key transparency for the Fediverse.
• The Careless Whisper research paper explores stealth messenger user activity via delivery notifications.
• Support for Encrypted Client Hello is coming to Nginx. It looks like it’s still on a separate branch.
• Trail of Bits has a webinar about building secure, end-to-end-encrypted systems.
• Anthropic has opened two new cohorts for AI security fellow positions.
• Real World Crypto 2026, which will be held in March in Taipei, has published its list of accepted papers.
• Wired published a guide to digital opsec for teens. In his blog post, JP Aumasson shares his original notes as well as the backstory.
• Let’s Encrypt will switch to forty-five-day certificates in February 2028, a year ahead of the deadline.
• Recon Wave looked into global centralization of authoritative DNS: GoDaddy and Cloudflare are at the top, with everyone else far below.
• Let’s Encrypt celebrated ten years. ISRG, its parent organization, published its 2025 annual report.
• Christophe Brocas wrote about the history of ACME.
• Certigna, one of the smaller CAs, will exit the public certificate business in 2026. The company cites the ever-changing requirements as the main reason.
• Texas has sued TV makers for taking screenshots of what people watch. We covered this practice last year.
• In the EU, Chat Control has been adopted by the Council, albeit in a weaker form.
• Nadim Kobeissi is developing a secure peer-to-peer file system called folder.zone.
• Apple’s FaceTime has been blocked in Russia.
• Chrome will remove the requirement for v1 CT logs, effective April 2026.
• It looks like Microsoft will finally deprecate RC4.
• CA/Browser Forum, via Ballot CSC-31, reduced the maximum validity of code-signing certificates to 460 days, effective March 2026.
• Sophie Schmieg writes about the security of PQC algorithms and, in another post, about ML-KEM specifically.
• AWS has published its post-quantum migration plan.
• Secure Key Storage is a Go library that abstracts security hardware on laptops.
• Ivan Krstić, who leads security engineering and architecture at Apple, gave a keynote at Hexacon 2025 that ended with a passionate call to everyone who works in computer security: “Your security work . . . should aim to make the world a better place. . . . If you’re not sure it does, find work elsewhere.” Hear, hear.