Importance of OpenSSL 3.0

In the ever-evolving landscape of digital security, staying ahead of threats and ensuring organizational protection is paramount. Enter OpenSSL 3.0—a major step forward in modernizing cryptographic standards and compliance. OpenSSL 3.0 is redefining how organizations and developers safeguard their digital environments. Many standards now require OpenSSL 3.0 to remain secure and compliant; explore the Splunk Enterprise Beta program to begin hardening your deployment and applications today to be ready for fast moving compliance requirements. In addition, the Splunk Health Assistant Add-On, available through Splunkbase, supplements the Splunk Enterprise Monitoring Console with new validations, allowing customers to update the validation logic before upgrading their Splunk Enterprise deployment.

Hold On, Remind Me About OpenSSL. What Is It?

OpenSSL is a third-party, open-source library fundamental to Splunk’s Public Key Infrastructure, used for secure communications (TLS/SSL), encryption, signing and hashing. OpenSSL plays a crucial role in securing communications over computer networks, generating private keys, creating Certificate Signing Requests (CSRs), installing SSL/TLS certificates, and identifying certificate information. With the advent of OpenSSL 3.0, a significant update has ushered in new features and improvements that are essential for modern applications and infrastructure.

Great. So, What Is OpenSSL 3.0 and What’s New About It?

OpenSSL 3.0 offers a more modular architecture, adds new cryptographic algorithms, and removes insecure ones (such as MD5, RC4, and SSL 3.0) to address security issues. It is also a necessary step for updating other dependencies in the Splunk platform, such as Python 3.9 and KV Service.

While the OpenSSL 3.0 library no longer includes support for the deprecated TLS 1.0 and TLS 1.1 protocols and these protocols are not available when the Splunk platform is run in FIPS mode, Splunk has added support for these protocols into the OpenSSL 3.0 package that is shipped with the next version of the Splunk platform in an effort to reduce disruption associated with customer upgrades. However, we encourage all customers and app developers to prioritize migration to TLS 1.2.

What Makes OpenSSL 3.0 More Secure?

OpenSSL 3.0 delivers numerous security improvements over its predecessors. An ongoing list of these enhancements is published by OpenSSL, ensuring transparency and continuous updates for users. Explore the detailed security improvements here.

Why Move To OpenSSL 3.0?

Migrating to OpenSSL 3.0 is an industry best practice due to its extensive security improvements over OpenSSL 1.0.2, which is included in Splunk platform versions 9.4 and lower. OpenSSL 3.0 is also required for compliance with crucial security standards, including the FIPS 140-3 revision, mandatory for all US federal agency customers by September 2026.

OpenSSL 3.0 provides cryptographic algorithms and protocols that application developers may need to communicate securely with external services. Its modular architecture allows for enhanced flexibility and security in many application contexts.

Updating to OpenSSL 3.0 represents a significant advancement for Splunk. Developers and administrators can expect improved support for modern protocols and more predictable upgrade paths, ultimately benefiting from the latest features and enhanced security.

What Actions Can I Take?

All Splunk App Developers can sign up for our Splunk Enterprise Beta and review this Splunk Community Blog for information on how to test their Splunk app compatibility with OpenSSL 3.0.

OpenSSL 3.0 is a significant milestone in the journey towards more secure and reliable digital communications. By staying informed and proactive, developers and organizations can ensure their systems remain robust and compliant with current standards. For a detailed overview of the upcoming changes in the next Splunk Enterprise and Splunk Cloud Platform update, visit this Lantern Article.