Adopting OpenSSL for the enterprise software

With its flexible architecture and enhanced performance, OpenSSL 3 has seen increasing adoption across the enterprise software landscape, where stringent requirements for security, modularity, performance, and stability are paramount. As one of the world’s largest enterprise software vendors, Oracle provides a broad portfolio encompassing operating systems, databases, and applications. These offerings support a wide spectrum from small to extremely large environments, operating under diverse loads, use cases, and legacy as well as modern configurations. Adoption of OpenSSL within such a landscape introduces a range of unique requirements, including cryptographic strength tuning for legacy systems, PKCS#11 support for hardware security modules (HSMs), robust thread safety, extreme connection scalability without memory leakage, application key material injection into the TLS stack, TLS context migration across processes, and strict minimum-load performance expectations. Additionally, support is needed for Java and Microsoft Cryptography Next Generation (CNG) support. This presentation outlines Oracle’s journey in adopting OpenSSL, and discusses the above challenges, accommodations, and workarounds. Additionally, we will offer recommendations on how OpenSSL 3 can be made easier to adopt for larger enterprise software organizations.