Chapter 1. Overview

1.1. Major changes in RHEL 9.0 Beta

Security

OpenSSL is now provided in version 3.0.0-0.beta2, which adds a provider concept, a new versioning scheme, an improved HTTP(S) client, support for new protocols, formats, and algorithms, and many other improvements.

The system-wide cryptographic policies have been adjusted to provide up-to-date secure defaults.

OpenSSH is distributed in version 8.6p1, which provides many enhancements, bug fixes, and security improvements as compared to version 8.0p1, which is distributed in RHEL 8.5.

SELinux performance has been substantially improved, including time to load SELinux policy into the kernel, memory overhead, and other parameters. For additional information, see the Improving the performance and space efficiency of SELinux blog post.

The scap-security-guide packages are provided in version 0.1.57, which introduces substantial changes over the versions provided in RHEL 8.

See Section 4.7, “Security” for more information.

Use of SHA-1 is restricted in the DEFAULT crypto policy. With the exception of HMAC and DNSSEC usage, SHA-1 is no longer allowed in the TLS, DTLS, SSH, IKEv2, and Kerberos protocols.

Cyrus SASL now uses GDBM instead of Berkeley DB, and the Network Security Services (NSS) libraries no longer support the DBM file format for the trust database.

Support for disabling SELinux through the SELINUX=disabled option in the /etc/selinux/config file has been removed from the kernel. When you disable SELinux only through /etc/selinux/config, the system starts with SELinux enabled but with no policy loaded. If your scenario requires disabling SELinux, add the selinux=0 parameter to your kernel command line.
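The following added example (not part of the original release notes or any Red Hat tool) shows one way to audit a host for the situation described above, where SELinux is disabled only in the configuration file and the system therefore boots with SELinux enabled but no policy loaded. The function names and result strings are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify how SELinux disablement is configured on RHEL 9.
# Function names and result strings are illustrative, not from any Red Hat tool.

# Print the effective SELINUX= value from a config file (last assignment wins).
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Succeed if the kernel command line carries selinux=0 as a whole parameter.
cmdline_has_selinux0() {
    tr ' ' '\n' < "$1" | grep -qx 'selinux=0'
}

# Usage: selinux_disable_audit CONFIG_FILE CMDLINE_FILE
selinux_disable_audit() {
    mode=$(selinux_config_mode "$1")
    if cmdline_has_selinux0 "$2"; then
        echo "disabled-on-cmdline"      # SELinux really is off
    elif [ "$mode" = "disabled" ]; then
        echo "config-only-disable"      # enabled at boot, but no policy loaded
    else
        echo "enabled:${mode:-unset}"
    fi
}

# Constructed sample inputs so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '# SELINUX=enforcing\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/config"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$demo_dir/cmdline.plain"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro selinux=0\n' > "$demo_dir/cmdline.off"

selinux_disable_audit "$demo_dir/config" "$demo_dir/cmdline.plain"
selinux_disable_audit "$demo_dir/config" "$demo_dir/cmdline.off"
```

On a real host, call `selinux_disable_audit /etc/selinux/config /proc/cmdline`; a `config-only-disable` result marks a system whose SELinux state does not match what its configuration file suggests.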

See the Security section in the Considerations in adopting RHEL 9 document for more information about major security-related differences between RHEL 9 and RHEL 8.

Networking

The WireGuard VPN technology is now available as an unsupported Technology Preview.

The teamd service and the libteam library are deprecated. As a replacement, configure a bond instead of a network team.

The iptables-nft and ipset packages are deprecated. These packages include utilities such as iptables, ip6tables, ebtables, and arptables. Use the nftables framework to configure firewall rules.

You can use the new MultiPath TCP daemon (mptcpd) to configure MultiPath TCP (MPTCP) endpoints without using the iproute2 utility.

The network-scripts package has been removed. Use NetworkManager to configure network connections.

By default, NetworkManager now uses the key file format to store new connection profiles. Note that the ifcfg format is still supported.

For more information about the features introduced in this release and changes in the existing functionality, see Section 4.8, “Networking”.

Dynamic programming languages, web and database servers

RHEL 9.0 Beta provides the following dynamic programming languages:

  • Node.js 16
  • Perl 5.32
  • PHP 8.0
  • Python 3.9
  • Ruby 3.0

RHEL 9.0 Beta includes the following version control systems:

  • Git 2.31
  • Subversion 1.14

The following web servers are distributed with RHEL 9.0 Beta:

  • Apache HTTP Server 2.4
  • nginx 1.20

The following proxy caching servers are available:

  • Varnish Cache 6.5
  • Squid 5.1

RHEL 9.0 Beta offers the following database servers:

  • MariaDB 10.5
  • MySQL 8.0
  • PostgreSQL 13
  • Redis 6.2

See Section 4.11, “Dynamic programming languages, web and database servers” for more information.

Compilers and development tools

Updated compiler toolsets

The following compiler toolsets are available with RHEL 9.0 Beta:

  • LLVM Toolset 12.0.1
  • Rust Toolset 1.54.0
  • Go Toolset 1.16.6

Updated system toolchain

The following system toolchain components are available with RHEL 9.0 Beta:

  • GCC 11.2
  • glibc 2.34
  • binutils 2.35

Updated performance tools and debuggers

The following performance tools and debuggers are available with RHEL 9.0 Beta:

  • GDB 10.2
  • Valgrind 3.17.0
  • SystemTap 4.5
  • Dyninst 11.0.0
  • elfutils 0.185

Java tools

The following Java tools are available with RHEL 9.0 Beta:

  • Maven 3.6
  • Ant 1.10

See Section 4.12, “Compilers and development tools” for more information.

Virtualization

The QEMU emulator is now built using the Clang compiler. This enables the RHEL 9 KVM hypervisor to use a number of advanced security and debugging features. One of these features is SafeStack, which makes virtual machines (VMs) hosted on RHEL 9 significantly more secure against attacks based on Return-Oriented Programming (ROP).

For more information about virtualization features introduced in this release, see Section 4.16, “Virtualization”.

1.2. Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

1.3. Additional resources

  • The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.