Yi Ouyang
Dr. Yi Ouyang is the Director of Software Development at Oracle, where he leads the Oracle Crypto Foundation team. In this role, he oversees the design and implementation of critical security technologies, including network security, data encryption, and authentication systems that help safeguard Oracle’s infrastructure and products.
Dr. Ouyang earned his Ph.D. in Computer Science from Dartmouth College in New Hampshire, USA, in 2008. His doctoral research concentrated on encryption key management, data protection, and privacy in sensor networks, and his work has been featured in several prestigious international conferences.
Since joining Oracle, Dr. Ouyang has been instrumental in the development of numerous security products and features, contributing to Oracle’s reputation as a global leader in enterprise security solutions.
Session
With its flexible architecture and enhanced performance, OpenSSL 3 has seen increasing adoption across the enterprise software landscape, where stringent requirements for security, modularity, performance, and stability are paramount. As one of the world’s largest enterprise software vendors, Oracle provides a broad portfolio encompassing operating systems, databases, and applications. These offerings support a wide spectrum from small to extremely large environments, operating under diverse loads, use cases, and legacy as well as modern configurations.
Adoption of OpenSSL within such a landscape introduces a range of unique requirements, including cryptographic strength tuning for legacy systems, PKCS#11 support for hardware security modules (HSMs), robust thread safety, extreme connection scalability without memory leakage, application key material injection into the TLS stack, TLS context migration across processes, and strict minimum-load performance expectations. Additionally, support is needed for Java and Microsoft Cryptography Next Generation (CNG) support.
This presentation outlines Oracle’s journey in adopting OpenSSL, and discusses the above challenges, accommodations, and workarounds. Additionally, we will offer recommendations on how OpenSSL 3 can be made easier to adopt for larger enterprise software organizations.